Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

281 advisories

Loading
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE Critical
CVE-2024-23897 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
sunSUNQ
Apache ActiveMQ Deserialization of Untrusted Data vulnerability High
CVE-2022-41678 was published for org.apache.activemq:apache-activemq (Maven) Nov 28, 2023
sunSUNQ
Spring Framework vulnerable to denial of service High
CVE-2023-34053 was published for org.springframework:spring-webmvc (Maven) Nov 28, 2023
sunSUNQ
Jenkins does not exclude sensitive build variables from search Moderate
CVE-2023-43494 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 20, 2023
sunSUNQ
Apache Tomcat vulnerable to information leak High
CVE-2023-34981 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 21, 2023
sunSUNQ westonsteimel
Spring Framework vulnerable to denial of service High
CVE-2023-20863 was published for org.springframework:spring-expression (Maven) Apr 13, 2023
amita-seal sunSUNQ
Spring Framework is vulnerable to security bypass via mvcRequestMatcher pattern mismatch Critical
CVE-2023-20860 was published for org.springframework:spring (Maven) Mar 28, 2023
sunSUNQ
Spring Framework vulnerable to denial of service via specially crafted SpEL expression Moderate
CVE-2023-20861 was published for org.springframework:spring-expression (Maven) Mar 23, 2023
amita-seal sunSUNQ
Apache Commons FileUpload denial of service vulnerability High
CVE-2023-24998 was published for commons-fileupload:commons-fileupload (Maven) Feb 20, 2023
sunSUNQ westonsteimel
Apache Tomcat may reject request containing invalid Content-Length header High
CVE-2022-42252 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Nov 1, 2022
sunSUNQ westonsteimel
Uncontrolled Resource Consumption in Jackson-databind High
CVE-2022-42003 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz coheigea
sonnyhcl Christiaan-de-Wet sunSUNQ
Uncontrolled Resource Consumption in FasterXML jackson-databind High
CVE-2022-42004 was published for com.fasterxml.jackson.core:jackson-databind (Maven) Oct 3, 2022
AdamKorcz sonnyhcl
sunSUNQ pjfanning
Apache Tomcat Race Condition vulnerability Low
CVE-2021-43980 was published for org.apache.tomcat:tomcat (Maven) Sep 29, 2022
sunSUNQ
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34170 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault sunSUNQ
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21685 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault westonsteimel
sunSUNQ
Cross-Site Request Forgery in Jenkins High
CVE-2020-2160 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault sunSUNQ
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Moderate
CVE-2019-10352 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
sunSUNQ
Denial of Service in Apache ActiveMQ Moderate
CVE-2011-4905 was published for org.apache.activemq:activemq-core (Maven) May 17, 2022
sunSUNQ
Apache Struts2 Broken Access Control Vulnerability Moderate
CVE-2013-4310 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows attackers to configure restricted projects Moderate
CVE-2013-7330 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows attackers to execute arbitrary jobs Moderate
CVE-2014-2058 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkin allows attackers to obtain passwords by reading the HTML source code Moderate
CVE-2014-2061 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins does not invalidate the API token when a user is deleted Moderate
CVE-2014-2062 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins allows attackers to determine whether a user exists Moderate
CVE-2014-2064 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Jenkins cross-site scripting (XSS) vulnerability Moderate
CVE-2014-2065 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database