GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
161 advisories
matrix-sydent and matrix-synapse Use Cryptographically Weak PRNG
High
CVE-2019-11842
was published
for
matrix-sydent
(pip)
May 24, 2022
Sandbox bypass in ontrack Jenkins Plugin
Critical
CVE-2019-10306
was published
for
org.jenkins-ci.plugins:ontrack
(Maven)
May 24, 2022
Apache Geronimo JMX Remoting functionality allows remote code execution in 3.x before v3.0.1
High
CVE-2013-1777
was published
for
org.apache.geronimo.framework:geronimo-jmx-remoting
(Maven)
May 17, 2022
django-anymail Includes Sensitive Information in Log Files
Critical
CVE-2018-1000089
was published
for
django-anymail
(pip)
May 14, 2022
URLTrigger Plugin server-side request forgery vulnerability
Moderate
CVE-2018-1000606
was published
for
org.jenkins-ci.plugins:urltrigger
(Maven)
May 14, 2022
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
Moderate
CVE-2010-3700
was published
for
org.acegisecurity:acegi-security
(Maven)
May 14, 2022
simplejson before 2.6.1 vulnerable to array index error
Moderate
CVE-2014-4616
was published
for
simplejson
(pip)
May 14, 2022
AWS CodeDeploy Plugin stored AWS Secret Key in plain text
High
CVE-2018-1000403
was published
for
com.amazonaws:codedeploy
(Maven)
May 13, 2022
Expected Behavior Violation in Apache Tomcat
Critical
CVE-2017-5651
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2022
Unsafe pyyaml load usage in PyAnyAPI
Critical
CVE-2017-16616
was published
for
pyanyapi
(pip)
May 13, 2022
XXE vulnerability in Jenkins Job Import Plugin
Critical
CVE-2019-1003015
was published
for
org.jenkins-ci.plugins:job-import-plugin
(Maven)
May 13, 2022
Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin
Moderate
CVE-2018-1999033
was published
for
org.jenkins-ci.plugins:anchore-container-scanner
(Maven)
May 13, 2022
Exposure of Resource to Wrong Sphere in Apache Tomcat
Critical
CVE-2017-5648
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
May 13, 2022
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Plugin
Critical
CVE-2019-1003041
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 13, 2022
Sandbox bypass vulnerability in Jenkins Script Security Plugin
Critical
CVE-2019-1003040
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Script security sandbox bypass in Matrix Project Plugin
Critical
CVE-2019-1003031
was published
for
org.jenkins-ci.plugins:matrix-project
(Maven)
May 13, 2022
Script security sandbox bypass in Jenkins Job DSL Plugin
Critical
CVE-2019-1003034
was published
for
org.jenkins-ci.plugins:job-dsl
(Maven)
May 13, 2022
Script security sandbox bypass in Jenkins Email Extension Plugin
Critical
CVE-2019-1003032
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
May 13, 2022
Apache Tomcat Improper Access Control vulnerability
Critical
CVE-2016-8735
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 13, 2022
Sandbox bypass in Jenkins Pipeline: Groovy Plugin
Critical
CVE-2019-1003030
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 13, 2022
Sony Neural Network Libraries reliance on untrusted inputs prior to v1.0.10
Critical
CVE-2019-10844
was published
for
nnabla
(pip)
May 13, 2022
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
Critical
CVE-2016-5018
was published
for
org.apache.tomcat.embed:tomcat-embed-jasper
(Maven)
May 13, 2022
Sandbox bypass in Script Security Plugin
Critical
CVE-2019-1003029
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Sandbox Bypass in Script Security Plugin
High
CVE-2019-1003005
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Apache Geronimo Application Server CSRF vulnerabilities
Moderate
CVE-2009-0039
was published
for
org.apache.geronimo.plugins:console
(Maven)
May 2, 2022
ProTip!
Advisories are also available from the
GraphQL API