GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
8 advisories
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
High
CVE-2022-30945
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 18, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket
High
CVE-2020-11976
was published
for
org.apache.wicket:wicket-core
(Maven)
May 7, 2021
Local Temp Directory Hijacking Vulnerability
High
CVE-2020-27216
was published
for
org.eclipse.jetty:jetty-webapp
(Maven)
Nov 4, 2020
Files or Directories Accessible to External Parties in org.springframework:spring-core
High
CVE-2015-5211
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
Path Traversal in Apache Flink
High
CVE-2020-17519
was published
for
org.apache.flink:flink-runtime_2.11
(Maven)
Jan 6, 2021
ProTip!
Advisories are also available from the
GraphQL API