GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
210 advisories
Filter by severity
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials
High
CVE-2021-21652
was published
for
org.jenkins-ci.plugins:xray-connector
(Maven)
Jun 16, 2021
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin
High
CVE-2022-20619
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra
High
CVE-2022-25209
was published
for
org.jenkins-ci.plugins:sinatra-chef-builder
(Maven)
Feb 16, 2022
Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE
High
CVE-2022-25208
was published
for
org.jenkins-ci.plugins:sinatra-chef-builder
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE
High
CVE-2022-25207
was published
for
org.jenkins-ci.plugins:sinatra-chef-builder
(Maven)
Feb 16, 2022
Missing Authorization in Jenkins dbCharts Plugin
High
CVE-2022-25206
was published
for
org.jenkins-ci.plugins:dbCharts
(Maven)
Feb 16, 2022
Cross-Site Request Forgery in Jenkins dbCharts Plugin
High
CVE-2022-25205
was published
for
org.jenkins-ci.plugins:dbCharts
(Maven)
Feb 16, 2022
Missing permission check in Jenkins SCP publisher Plugin
High
CVE-2022-25199
was published
for
org.jenkins-ci.plugins:scp
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins SCP publisher Plugin
High
CVE-2022-25198
was published
for
org.jenkins-ci.plugins:scp
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins autonomiq plugin
High
CVE-2022-25194
was published
for
io.jenkins.plugins:autonomiq
(Maven)
Feb 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin
High
CVE-2022-25191
was published
for
io.jenkins.plugins:agent-server-parameter
(Maven)
Feb 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin
High
CVE-2022-25189
was published
for
io.jenkins.plugins:custom-checkbox-parameter
(Maven)
Feb 16, 2022
CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials
High
CVE-2022-27211
was published
for
org.jenkins-ci.plugins:kubernetes-cd
(Maven)
Mar 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin
High
CVE-2022-27213
was published
for
io.jenkins.plugins:environment-dashboard
(Maven)
Mar 16, 2022
CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials
High
CVE-2022-27210
was published
for
org.jenkins-ci.plugins:kubernetes-cd
(Maven)
Mar 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin
High
CVE-2022-27202
was published
for
org.jenkins-ci.plugins:extended-choice-parameter
(Maven)
Mar 16, 2022
CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin
High
CVE-2022-27198
was published
for
org.jenkins-ci.plugins:aws-credentials
(Maven)
Mar 16, 2022
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin
High
CVE-2022-27201
was published
for
org.jenkins-ci.plugins:semantic-versioning-plugin
(Maven)
Mar 16, 2022
Cross-Site Request Forgery in Jenkins P4 Plugin
High
CVE-2021-21655
was published
for
org.jenkins-ci.plugins:p4
(Maven)
Mar 18, 2022
Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin
High
CVE-2022-28149
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Cross site request forgery in Jenkins Job and Node ownership Plugin
High
CVE-2022-28150
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin
High
CVE-2022-28145
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin
High
CVE-2022-28136
was published
for
org.jenkins-ci.plugins:JiraTestResultReporter
(Maven)
Mar 30, 2022
XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin
High
CVE-2022-28155
was published
for
com.surenpi.jenkins:phoenix-autotest
(Maven)
Mar 30, 2022
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
High
CVE-2022-29049
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
Apr 13, 2022
ProTip!
Advisories are also available from the
GraphQL API