Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Loading
Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin High
CVE-2022-36902 was published for com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter (Maven) Jul 28, 2022
NotMyFault
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment Moderate
CVE-2022-36889 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
NotMyFault
Jenkins Compuware Source Code Download is missing authorization Moderate
CVE-2022-36896 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) Jul 28, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin Moderate
CVE-2022-36899 was published for com.compuware.jenkins:compuware-ispw-operations (Maven) Jul 28, 2022
NotMyFault
Missing Authorization in Jenkins XPath Configuration Viewer Plugin Moderate
CVE-2022-34811 was published for org.jenkins-ci.plugins:xpath-config-viewer (Maven) Jul 1, 2022
NotMyFault
Incorrect Authorization in Jenkins Request Rename Or Delete Plugin Moderate
CVE-2022-34814 was published for org.jenkins-ci.plugins:rrod (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin Low
CVE-2022-34807 was published for org.jenkins-ci.plugins:elasticsearch-query (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Jigomerge Plugin Low
CVE-2022-34806 was published for org.jenkins-ci.plugins:jigomerge (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Skype notifier Plugin Low
CVE-2022-34805 was published for org.jenkins-ci.plugins:skype-notifier (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin Moderate
CVE-2022-34812 was published for org.jenkins-ci.plugins:xpath-config-viewer (Maven) Jul 1, 2022
NotMyFault
Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check Moderate
CVE-2022-34810 was published for net.praqma:rqm-plugin (Maven) Jul 1, 2022
NotMyFault
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin Low
CVE-2022-34816 was published for org.jenkins-ci.plugins:hpe-network-virtualization (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin Moderate
CVE-2022-34817 was published for de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin Moderate
CVE-2022-34815 was published for org.jenkins-ci.plugins:rrod (Maven) Jul 1, 2022
NotMyFault
Token stored in plain text by Jenkins Cisco Spark Plugin Low
CVE-2022-34808 was published for org.jenkins-ci.plugins:cisco-spark (Maven) Jul 1, 2022
NotMyFault
Password stored in plain text by Jenkins RQM Plugin Low
CVE-2022-34809 was published for net.praqma:rqm-plugin (Maven) Jul 1, 2022
NotMyFault
Missing Authorization in Jenkins Recipe Plugin High
CVE-2022-34794 was published for org.jenkins-ci.plugins:recipe (Maven) Jul 1, 2022
NotMyFault
Cross-site Scripting in Jenkins Deployment Dashboard Plugin High
CVE-2022-34795 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin Moderate
CVE-2022-34797 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
XML External Entity Reference in Jenkins Recipe Plugin High
CVE-2022-34793 was published for org.jenkins-ci.plugins:recipe (Maven) Jul 1, 2022
NotMyFault
Cross-site Scripting in Jenkins Rich Text Publisher Plugin High
CVE-2022-34786 was published for org.jenkins-ci.plugins:rich-text-publisher-plugin (Maven) Jul 1, 2022
NotMyFault
Cross-site Scripting in Jenkins Validating Email Parameter Plugin High
CVE-2022-34791 was published for io.jenkins.plugins:validating-email-parameter (Maven) Jul 1, 2022
NotMyFault
Incorrect Authorization in Jenkins requests-plugin Moderate
CVE-2022-34782 was published for org.jenkins-ci.plugins:requests (Maven) Jul 1, 2022
NotMyFault
Missing Authorization in Jenkins Deployment Dashboard Plugin Moderate
CVE-2022-34798 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs Moderate
CVE-2022-34779 was published for com.xebialabs.ci:xlrelease-plugin (Maven) Jul 1, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database