GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
26 advisories
Filter by severity
Apache Spark UI can allow impersonation if ACLs enabled
High
CVE-2022-33891
was published
for
org.apache.spark:spark-parent_2.12
(Maven)
Jul 19, 2022
Command Injection in Kylin
High
CVE-2020-1956
was published
for
org.apache.kylin:kylin-core-common
(Maven)
Jul 27, 2020
Arbitrary shell command execution in Jenkins EC2 Plugin
High
CVE-2017-1000502
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 14, 2022
Sandbox bypass in Jenkins Script Security Plugin
High
CVE-2023-24422
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Jan 26, 2023
Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection
High
CVE-2022-25175
was published
for
org.jenkins-ci.plugins.workflow:workflow-multibranch
(Maven)
Feb 16, 2022
OS command execution vulnerability in Jenkins Docker Commons Plugin
High
CVE-2022-20617
was published
for
org.jenkins-ci.plugins:docker-commons
(Maven)
Jan 13, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin
High
CVE-2022-25173
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin
High
CVE-2022-25174
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ
High
CVE-2014-3576
was published
for
org.apache.activemq:activemq-client
(Maven)
May 14, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin
High
CVE-2019-10392
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
May 24, 2022
Apache Tomcat OS Command Injection vulnerability
High
CVE-2019-0232
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Apr 18, 2019
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources
High
CVE-2022-40634
was published
for
org.craftercms:crafter-studio
(Maven)
Sep 14, 2022
trentm/json vulnerable to command injection
High
CVE-2020-7712
was published
for
json
(Maven)
May 6, 2021
Apache James Server OS Command Injection
High
CVE-2015-7611
was published
for
org.apache.james:james-server
(Maven)
May 14, 2022
Shell command injection in Apache Syncope
High
CVE-2020-11977
was published
for
org.apache.syncope:syncope
(Maven)
Jun 16, 2021
XStream can be used for Remote Code Execution
High
CVE-2020-26217
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Nov 16, 2020
Code injection in Apache NiFi and NiFi Registry
High
CVE-2022-33140
was published
for
org.apache.nifi.registry:nifi-registry-core
(Maven)
Jun 16, 2022
OS Command Injection in Nexus Yum Repository Plugin
High
CVE-2019-5475
was published
for
org.sonatype.nexus.plugins:nexus-yum-repository-plugin
(Maven)
Sep 11, 2019
ballcat-codegen template engine remote code execution injection
High
CVE-2022-24881
was published
for
com.hccake:ballcat-codegen
(Maven)
Apr 27, 2022
OS command injection vulnerability in Jenkins Play Framework Plugin
High
CVE-2020-2200
was published
for
org.jenkins-ci.plugins:play-autotest-plugin
(Maven)
May 24, 2022
CrafterCMS OS Command Injection vulnerability
High
CVE-2022-40635
was published
for
org.craftercms:craftercms
(Maven)
Sep 14, 2022
OS command injection in CryptoMove Plugin
High
CVE-2020-2159
was published
for
io.jenkins.plugins:cryptomove
(Maven)
May 24, 2022
System command execution vulnerability in Selection tasks Jenkins Plugin
High
CVE-2020-2276
was published
for
org.jvnet.hudson.plugins:selection-tasks-plugin
(Maven)
May 24, 2022
OS command execution vulnerability in Perfecto Plugin
High
CVE-2020-2261
was published
for
io.jenkins.plugins:perfecto
(Maven)
May 24, 2022
OS Command Injection in Jenkins
High
CVE-2017-1000393
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API