GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
Moderate
CVE-2022-36906
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
Jul 28, 2022
Missing permission check in Jenkins OpenShift Deployer Plugin
Moderate
CVE-2022-36907
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
Jul 28, 2022
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
Moderate
CVE-2022-36908
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
Jul 28, 2022
Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin
High
CVE-2022-36905
was published
for
eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin
(Maven)
Jul 28, 2022
Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF)
High
CVE-2022-36920
was published
for
org.jenkins-ci.plugins:coverity
(Maven)
Jul 28, 2022
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment
Moderate
CVE-2022-36889
was published
for
org.jenkins-ci.plugins:deployer-framework
(Maven)
Jul 28, 2022
Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin
High
CVE-2022-36902
was published
for
com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter
(Maven)
Jul 28, 2022
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin
High
CVE-2022-36894
was published
for
org.jenkins-ci.plugins:clif-performance-testing
(Maven)
Jul 28, 2022
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Low
CVE-2022-36901
was published
for
org.jenkins-ci.plugins:http_request
(Maven)
Jul 28, 2022
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
Moderate
CVE-2022-36899
was published
for
com.compuware.jenkins:compuware-ispw-operations
(Maven)
Jul 28, 2022
Jenkins Compuware Source Code Download is missing authorization
Moderate
CVE-2022-36896
was published
for
com.compuware.jenkins:compuware-scm-downloader
(Maven)
Jul 28, 2022
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests
Moderate
CVE-2022-36888
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36884
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36883
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36882
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
Jenkins GitHub plugin uses weak webhook signature function
Low
CVE-2022-36885
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
Jul 28, 2022
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Moderate
CVE-2022-36881
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
Jul 28, 2022
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin
Low
CVE-2022-38665
was published
for
org.jenkins-ci.plugins:collabnet
(Maven)
Aug 24, 2022
Cross-site Scripting in Jenkins Job Configuration History Plugin
Moderate
CVE-2022-38664
was published
for
org.jenkins-ci.plugins:jobConfigHistory
(Maven)
Aug 24, 2022
Improper masking of credentials Jenkins in Git Plugin
Moderate
CVE-2022-38663
was published
for
org.jenkins-ci.plugins:git
(Maven)
Aug 24, 2022
API token stored in plain text by Jenkins CONS3RT Plugin
Low
CVE-2022-41255
was published
for
org.jenkins-ci.plugins:cons3rt
(Maven)
Sep 22, 2022
Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs
Moderate
CVE-2022-41252
was published
for
org.jenkins-ci.plugins:cons3rt
(Maven)
Sep 22, 2022
Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials
Moderate
CVE-2022-41254
was published
for
org.jenkins-ci.plugins:cons3rt
(Maven)
Sep 22, 2022
CSRF vulnerability in Jenkins CONS3RT Plugin allow capturing credentials
Moderate
CVE-2022-41253
was published
for
org.jenkins-ci.plugins:cons3rt
(Maven)
Sep 22, 2022
Jenkins BigPanda Notifier Plugin Missing Password Field Masking
Low
CVE-2022-41248
was published
for
org.jenkins-ci.plugins:bigpanda-jenkins
(Maven)
Sep 22, 2022
ProTip!
Advisories are also available from the
GraphQL API