Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
57
GitHub Actions
50
Go
3,767
Maven
5,000+
npm
5,000+
NuGet
937
pip
4,999
Pub
13
RubyGems
1,058
Rust
1,347
Swift
54
Unreviewed advisories
All unreviewed
5,000+

31 advisories

Loading
Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix High
CVE-2026-35582 was published for gov.nsa.emissary:emissary (Maven) Apr 13, 2026
blueandhack Credited to blueandhack
Emissary has a Command Injection via PLACE_NAME Configuration in Executrix High
CVE-2026-35581 was published for gov.nsa.emissary:emissary (Maven) Apr 8, 2026
BrennanTM Credited to BrennanTM
Jenkins Azure CLI Plugin does not restrict the commands it executes High
CVE-2025-64140 was published for org.jenkins-ci.plugins:azure-cli (Maven) Oct 29, 2025
Netty has SMTP Command Injection Vulnerability that Allows Email Forgery High
CVE-2025-59419 was published for io.netty:netty-codec-smtp (Maven) Oct 15, 2025
DepthFirstDisclosures Credited to DepthFirstDisclosures
Sandbox bypass in Jenkins Script Security Plugin High
CVE-2023-24422 was published for org.jenkins-ci.plugins:script-security (Maven) Jan 26, 2023
CrafterCMS Crafter Studio Improperly Controls Dynamically-Managed Code Resources High
CVE-2022-40634 was published for org.craftercms:crafter-studio (Maven) Sep 14, 2022
CrafterCMS OS Command Injection vulnerability High
CVE-2022-40635 was published for org.craftercms:craftercms (Maven) Sep 14, 2022
Apache Spark UI can allow impersonation if ACLs enabled High
CVE-2022-33891 was published for org.apache.spark:spark-parent_2.12 (Maven) Jul 19, 2022
alowayed Credited to alowayed
Code injection in Apache NiFi and NiFi Registry High
CVE-2022-33140 was published for org.apache.nifi.registry:nifi-registry-core (Maven) Jun 16, 2022
kurt-r2c Credited to kurt-r2c
System command execution vulnerability in Selection tasks Jenkins Plugin High
CVE-2020-2276 was published for org.jvnet.hudson.plugins:selection-tasks-plugin (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
OS command execution vulnerability in Perfecto Plugin High
CVE-2020-2261 was published for io.jenkins.plugins:perfecto (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
OS command injection vulnerability in Jenkins Play Framework Plugin High
CVE-2020-2200 was published for org.jenkins-ci.plugins:play-autotest-plugin (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
OS command injection in CryptoMove Plugin High
CVE-2020-2159 was published for io.jenkins.plugins:cryptomove (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Improper Neutralization of Special Elements used in an OS Command in Jenkins Git Client Plugin High
CVE-2019-10392 was published for org.jenkins-ci.plugins:git-client (Maven) May 24, 2022
Neo4J vulnerable to Cross-Site Request Forgery High
CVE-2013-7259 was published for org.neo4j:neo4j (Maven) May 17, 2022
Arbitrary shell command execution in Jenkins EC2 Plugin High
CVE-2017-1000502 was published for org.jenkins-ci.plugins:ec2 (Maven) May 14, 2022
Apache James Server OS Command Injection High
CVE-2015-7611 was published for org.apache.james:james-server (Maven) May 14, 2022
Improper Neutralization of Special Elements used in an OS Command in Apache ActiveMQ High
CVE-2014-3576 was published for org.apache.activemq:activemq-client (Maven) May 14, 2022
sunSUNQ Credited to sunSUNQ
OS Command Injection in Jenkins High
CVE-2017-1000393 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
ballcat-codegen template engine remote code execution injection High
CVE-2022-24881 was published for com.hccake:ballcat-codegen (Maven) Apr 27, 2022
LuckyT0mat0 Credited to LuckyT0mat0
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin High
CVE-2022-25173 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
westonsteimel Credited to westonsteimel
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2022-25174 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
westonsteimel Credited to westonsteimel
Jenkins Pipeline: Multibranch Plugin vulnerable to OS Command Injection High
CVE-2022-25175 was published for org.jenkins-ci.plugins.workflow:workflow-multibranch (Maven) Feb 16, 2022
daniel-beck Credited to daniel-beck
OS command execution vulnerability in Jenkins Docker Commons Plugin High
CVE-2022-20617 was published for org.jenkins-ci.plugins:docker-commons (Maven) Jan 13, 2022
westonsteimel Credited to westonsteimel
Shell command injection in Apache Syncope High
CVE-2020-11977 was published for org.apache.syncope:syncope (Maven) Jun 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database