Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

177 advisories

Loading
CSRF vulnerability in Jenkins Security Inspector plugin Moderate
CVE-2022-41236 was published for org.jenkins-ci.plugins:security-inspector (Maven) Sep 22, 2022
NotMyFault
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-41227 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials Moderate
CVE-2022-41245 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins CONS3RT Plugin allow capturing credentials Moderate
CVE-2022-41253 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-41249 was published for com.meowlomo.jenkins:scm-httpclient (Maven) Sep 22, 2022
NotMyFault
XWiki Cross-Site Request Forgery (CSRF) for actions on tags Moderate
CVE-2022-36095 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Sep 16, 2022
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp Moderate
CVE-2022-28731 was published for org.apache.jspwiki:jspwiki-main (Maven) Aug 5, 2022
External Monitor Job Type Plugin does not require POST requests for an HTTP endpoint Moderate
CVE-2022-36886 was published for org.jenkins-ci.plugins:external-monitor-job (Maven) Jul 28, 2022
Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints Moderate
CVE-2022-36887 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36882 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins openstack-heat Plugin Moderate
CVE-2022-36911 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins Google Cloud Backup Plugin Moderate
CVE-2022-36916 was published for org.jenkins-ci.plugins:google-cloud-backup (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36906 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36908 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin Moderate
CVE-2022-34812 was published for org.jenkins-ci.plugins:xpath-config-viewer (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin Moderate
CVE-2022-34817 was published for de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin Moderate
CVE-2022-34815 was published for org.jenkins-ci.plugins:rrod (Maven) Jul 1, 2022
NotMyFault
Jenkins Matrix Reloaded Plugin vulnerable to CSRF Moderate
CVE-2022-34789 was published for net.praqma:matrix-reloaded (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin Moderate
CVE-2022-34797 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials Moderate
CVE-2022-34780 was published for com.xebialabs.ci:xlrelease-plugin (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin Moderate
CVE-2022-34205 was published for org.jenkins-ci.plugins:jianliao (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Beaker builder Plugin Moderate
CVE-2022-34207 was published for org.jenkins-ci.plugins:beaker-builder (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins ThreadFix Plugin Moderate
CVE-2022-34209 was published for org.jenkins-ci.plugins:threadfix (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin Moderate
CVE-2022-34211 was published for org.jenkins-ci.plugins:vmware-vrealize-orchestrator (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins EasyQA Plugin Moderate
CVE-2022-34203 was published for com.geteasyqa:easyqa (Maven) Jun 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database