Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+

335 advisories

Loading
Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin Moderate
CVE-2020-2188 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Katalon Plugin allows capturing credentials Moderate
CVE-2022-43418 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs Moderate
CVE-2022-45390 was published for io.loader:loaderio-jenkins-plugin (Maven) Nov 16, 2022
NotMyFault
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials Moderate
CVE-2022-43417 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials Moderate
CVE-2022-23117 was published for org.conjur.jenkins:conjur-credentials (Maven) Jan 13, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets Moderate
CVE-2022-23116 was published for org.conjur.jenkins:conjur-credentials (Maven) Jan 13, 2022
NotMyFault
Missing permission checks in Jekins Bitbucket Server Integration Plugin Moderate
CVE-2022-28134 was published for io.jenkins.plugins:atlassian-bitbucket-server-integration (Maven) Mar 30, 2022
NotMyFault
SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin Moderate
CVE-2022-28142 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin Moderate
CVE-2022-34817 was published for de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin Moderate
CVE-2022-34812 was published for org.jenkins-ci.plugins:xpath-config-viewer (Maven) Jul 1, 2022
NotMyFault
Jenkins Matrix Reloaded Plugin vulnerable to CSRF Moderate
CVE-2022-34789 was published for net.praqma:matrix-reloaded (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin Moderate
CVE-2022-34815 was published for org.jenkins-ci.plugins:rrod (Maven) Jul 1, 2022
NotMyFault
Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-41249 was published for com.meowlomo.jenkins:scm-httpclient (Maven) Sep 22, 2022
NotMyFault
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials Moderate
CVE-2022-34781 was published for com.xebialabs.ci:xlrelease-plugin (Maven) Jul 1, 2022
NotMyFault
Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check Moderate
CVE-2022-34810 was published for net.praqma:rqm-plugin (Maven) Jul 1, 2022
NotMyFault
Missing webhook endpoint authorization in Jenkins Rundeck Plugin Moderate
CVE-2022-41234 was published for org.jenkins-ci.plugins:rundeck (Maven) Sep 22, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin Moderate
CVE-2022-36899 was published for com.compuware.jenkins:compuware-ispw-operations (Maven) Jul 28, 2022
NotMyFault
Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials Moderate
CVE-2022-41250 was published for com.meowlomo.jenkins:scm-httpclient (Maven) Sep 22, 2022
NotMyFault
Jenkins WildFly Deployer Plugin vulnerable to path traversal Moderate
CVE-2022-41235 was published for org.jenkins-ci.plugins:wildfly-deployer (Maven) Sep 22, 2022
NotMyFault
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment Moderate
CVE-2022-36889 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
NotMyFault
Missing permission checks in Jenkins Release Helper Plugin Moderate
CVE-2022-27215 was published for org.jenkins-ci.plugins:release-helper (Maven) Mar 16, 2022
NotMyFault
Arbitrary file read vulnerability in Jenkins kubernetes-cd Plugin Moderate
CVE-2022-27208 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF Moderate
CVE-2022-27205 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability in Jenkins Release Helper Plugin Moderate
CVE-2022-27214 was published for org.jenkins-ci.plugins:release-helper (Maven) Mar 16, 2022
NotMyFault
Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin Moderate
CVE-2022-27217 was published for com.vmware.vcac:vmware-vrealize-codestream (Maven) Mar 16, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database