GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

335 advisories

Missing Authorization in Jenkins P4 plugin Moderate
CVE-2021-21654 was published for org.jenkins-ci.plugins:p4 (Maven) Jun 16, 2021
NotMyFault
Cross-Site Request Forgery in Jenkins Credentials Plugin Moderate
CVE-2021-21648 was published for org.jenkins-ci.plugins:credentials (Maven) Jun 16, 2021
NotMyFault westonsteimel
Cross-site scripting in Jenkins Kiuwan Plugin Moderate
CVE-2021-21666 was published for org.jenkins-ci.plugins:kiuwanJenkinsPlugin (Maven) Jun 16, 2021
NotMyFault
Stored XSS vulnerability in Jenkins Scriptler Plugin Moderate
CVE-2021-21667 was published for org.jenkins-ci.plugins:scriptler (Maven) Jan 6, 2022
NotMyFault
CSRF vulnerability in Jenkins batch task Plugin Moderate
CVE-2022-23115 was published for org.jenkins-ci.plugins:batch-task (Maven) Jan 13, 2022
NotMyFault
Path traversal vulnerability in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23113 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Git Plugin Moderate
CVE-2021-21684 was published for org.jenkins-ci.plugins:git (Maven) May 24, 2022
NotMyFault
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23111 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23110 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault
Improper credentials masking in Jenkins HashiCorp Vault Plugin Moderate
CVE-2022-23109 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jan 13, 2022
NotMyFault
User passwords transmitted in plain text by Jenkins Active Directory Plugin Moderate
CVE-2022-23105 was published for org.jenkins-ci.plugins:active-directory (Maven) Jan 13, 2022
NotMyFault
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin Moderate
CVE-2022-20618 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Cross-site Scripting in Jenkins Dashboard View Plugin Moderate
CVE-2021-21649 was published for org.jenkins-ci.plugins:dashboard-view (Maven) Jun 16, 2021
NotMyFault westonsteimel
Cross-Site Request Forgery in Jenkins Mailer Plugin Moderate
CVE-2022-20613 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
NotMyFault westonsteimel
Observable timing discrepancy allows determining username validity in Jenkins Moderate
CVE-2022-34174 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files Moderate
CVE-2022-25197 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Feb 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins global-build-stats Plugin Moderate
CVE-2022-27207 was published for org.jenkins-ci.plugins:global-build-stats (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF Moderate
CVE-2022-27204 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
Cross-site Scripting in Jenkins Job Configuration History Plugin Moderate
CVE-2022-38664 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Aug 24, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin Moderate
CVE-2022-43422 was published for com.compuware.jenkins:compuware-topaz-utilities (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin Moderate
CVE-2022-43423 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) Oct 19, 2022
NotMyFault
Cross-site Scripting in Jenkins Naginator Plugin Moderate
CVE-2022-45382 was published for org.jenkins-ci.plugins:naginator (Maven) Nov 16, 2022
NotMyFault
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin Moderate
CVE-2022-43410 was published for org.jenkins-ci.plugins:mercurial (Maven) Oct 19, 2022
NotMyFault
Improper masking of credentials Jenkins in Git Plugin Moderate
CVE-2022-38663 was published for org.jenkins-ci.plugins:git (Maven) Aug 24, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin Moderate
CVE-2022-43424 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) Oct 19, 2022
NotMyFault