GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
335 advisories
Filter by severity
Plaintext storage in Jenkins instant-messaging Plugin
Moderate
CVE-2022-28135
was published
for
org.jvnet.hudson.plugins:instant-messaging
(Maven)
Mar 30, 2022
Missing permission check in Jenkins RocketChat Notifier Plugin
Moderate
CVE-2022-28139
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Mar 30, 2022
CSRF vulnerability in Jenkins RocketChat Notifier Plugin
Moderate
CVE-2022-28138
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Mar 30, 2022
Missing permission check in Jenkins Job and Node ownership Plugin
Moderate
CVE-2022-28151
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin
Moderate
CVE-2022-28147
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin
Moderate
CVE-2022-28148
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
CSRF vulnerability in Jenkins Job and Node ownership Plugin
Moderate
CVE-2022-28152
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin
Moderate
CVE-2022-28159
was published
for
org.jenkins-ci.plugins:selected-tests-executor
(Maven)
Mar 30, 2022
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin
Moderate
CVE-2022-28160
was published
for
org.jenkins-ci.plugins:selected-tests-executor
(Maven)
Mar 30, 2022
Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin
Moderate
CVE-2022-27196
was published
for
org.jvnet.hudson.plugins:favorite
(Maven)
Mar 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Dashboard View Plugin
Moderate
CVE-2022-27197
was published
for
org.jenkins-ci.plugins:dashboard-view
(Maven)
Mar 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Folder-based Authorization Strategy Plugin
Moderate
CVE-2022-27200
was published
for
io.jenkins.plugins:folder-auth
(Maven)
Mar 16, 2022
CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF
Moderate
CVE-2022-27204
was published
for
org.jenkins-ci.plugins:extended-choice-parameter
(Maven)
Mar 16, 2022
Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin
Moderate
CVE-2022-27203
was published
for
org.jenkins-ci.plugins:extended-choice-parameter
(Maven)
Mar 16, 2022
Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin
Moderate
CVE-2022-27217
was published
for
com.vmware.vcac:vmware-vrealize-codestream
(Maven)
Mar 16, 2022
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
Moderate
CVE-2022-27205
was published
for
org.jenkins-ci.plugins:extended-choice-parameter
(Maven)
Mar 16, 2022
Missing permission checks in Jenkins kubernetes-cd Plugin allow enumerating credentials IDs
Moderate
CVE-2022-27209
was published
for
org.jenkins-ci.plugins:kubernetes-cd
(Maven)
Mar 16, 2022
CSRF vulnerability in Jenkins Release Helper Plugin
Moderate
CVE-2022-27214
was published
for
org.jenkins-ci.plugins:release-helper
(Maven)
Mar 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin
Moderate
CVE-2022-27212
was published
for
org.jenkins-ci.plugins:list-git-branches-parameter
(Maven)
Mar 16, 2022
Passwords stored in plain text by Jenkins dbCharts Plugin
Moderate
CVE-2022-27216
was published
for
org.jenkins-ci.plugins:dbCharts
(Maven)
Mar 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins global-build-stats Plugin
Moderate
CVE-2022-27207
was published
for
org.jenkins-ci.plugins:global-build-stats
(Maven)
Mar 16, 2022
Missing permission checks in Jenkins Release Helper Plugin
Moderate
CVE-2022-27215
was published
for
org.jenkins-ci.plugins:release-helper
(Maven)
Mar 16, 2022
Arbitrary file read vulnerability in Jenkins kubernetes-cd Plugin
Moderate
CVE-2022-27208
was published
for
org.jenkins-ci.plugins:kubernetes-cd
(Maven)
Mar 16, 2022
Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin
Moderate
CVE-2022-27218
was published
for
com.incapptic.plugins:incapptic-connect-uploader
(Maven)
Mar 16, 2022
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin
Moderate
CVE-2022-25184
was published
for
org.jenkins-ci.plugins:pipeline-build-step
(Maven)
Feb 16, 2022
ProTip!
Advisories are also available from the
GraphQL API