GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Low
CVE-2022-36901
was published
for
org.jenkins-ci.plugins:http_request
(Maven)
Jul 28, 2022
Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin
High
CVE-2022-36902
was published
for
com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter
(Maven)
Jul 28, 2022
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment
Moderate
CVE-2022-36889
was published
for
org.jenkins-ci.plugins:deployer-framework
(Maven)
Jul 28, 2022
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
Moderate
CVE-2022-36899
was published
for
com.compuware.jenkins:compuware-ispw-operations
(Maven)
Jul 28, 2022
Missing Authorization in Jenkins XPath Configuration Viewer Plugin
Moderate
CVE-2022-34811
was published
for
org.jenkins-ci.plugins:xpath-config-viewer
(Maven)
Jul 1, 2022
Incorrect Authorization in Jenkins Request Rename Or Delete Plugin
Moderate
CVE-2022-34814
was published
for
org.jenkins-ci.plugins:rrod
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin
Low
CVE-2022-34807
was published
for
org.jenkins-ci.plugins:elasticsearch-query
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Jigomerge Plugin
Low
CVE-2022-34806
was published
for
org.jenkins-ci.plugins:jigomerge
(Maven)
Jul 1, 2022
Password stored in plain text by Jenkins RQM Plugin
Low
CVE-2022-34809
was published
for
net.praqma:rqm-plugin
(Maven)
Jul 1, 2022
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
Low
CVE-2022-34816
was published
for
org.jenkins-ci.plugins:hpe-network-virtualization
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Skype notifier Plugin
Low
CVE-2022-34805
was published
for
org.jenkins-ci.plugins:skype-notifier
(Maven)
Jul 1, 2022
Token stored in plain text by Jenkins Cisco Spark Plugin
Low
CVE-2022-34808
was published
for
org.jenkins-ci.plugins:cisco-spark
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin
Moderate
CVE-2022-34815
was published
for
org.jenkins-ci.plugins:rrod
(Maven)
Jul 1, 2022
Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check
Moderate
CVE-2022-34810
was published
for
net.praqma:rqm-plugin
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin
Moderate
CVE-2022-34817
was published
for
de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin
Moderate
CVE-2022-34812
was published
for
org.jenkins-ci.plugins:xpath-config-viewer
(Maven)
Jul 1, 2022
Cross-site Scripting in Jenkins Rich Text Publisher Plugin
High
CVE-2022-34786
was published
for
org.jenkins-ci.plugins:rich-text-publisher-plugin
(Maven)
Jul 1, 2022
Cross-site Scripting in Jenkins Validating Email Parameter Plugin
High
CVE-2022-34791
was published
for
io.jenkins.plugins:validating-email-parameter
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin
Moderate
CVE-2022-34797
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Missing Authorization in Jenkins Deployment Dashboard Plugin
Moderate
CVE-2022-34798
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials
Moderate
CVE-2022-34780
was published
for
com.xebialabs.ci:xlrelease-plugin
(Maven)
Jul 1, 2022
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs
Moderate
CVE-2022-34779
was published
for
com.xebialabs.ci:xlrelease-plugin
(Maven)
Jul 1, 2022
Missing Authorization in Jenkins Recipe Plugin
High
CVE-2022-34794
was published
for
org.jenkins-ci.plugins:recipe
(Maven)
Jul 1, 2022
Incorrect Authorization in Jenkins requests-plugin
Moderate
CVE-2022-34782
was published
for
org.jenkins-ci.plugins:requests
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins Recipe Plugin
High
CVE-2022-34792
was published
for
org.jenkins-ci.plugins:recipe
(Maven)
Jul 1, 2022
ProTip!
Advisories are also available from the
GraphQL API