GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
DoS vulnerability in bundled XStream library in Jenkins Core
Moderate
CVE-2022-0538
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Feb 10, 2022
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Low
CVE-2022-23106
was published
for
io.jenkins:configuration-as-code
(Maven)
Jan 21, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin
Moderate
CVE-2022-20613
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Moderate
CVE-2022-20618
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin
High
CVE-2022-20619
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
User passwords transmitted in plain text by Jenkins Active Directory Plugin
Moderate
CVE-2022-23105
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jan 13, 2022
Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23110
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
Improper credentials masking in Jenkins HashiCorp Vault Plugin
Moderate
CVE-2022-23109
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Jan 13, 2022
CSRF vulnerability in Jenkins batch task Plugin
Moderate
CVE-2022-23115
was published
for
org.jenkins-ci.plugins:batch-task
(Maven)
Jan 13, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
Moderate
CVE-2022-23117
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Jan 13, 2022
Path traversal vulnerability in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23113
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23111
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
Password stored in plain text by Jenkins Publish Over SSH Plugin
Low
CVE-2022-23114
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Moderate
CVE-2022-23116
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Jan 13, 2022
Stored XSS vulnerability in Jenkins Scriptler Plugin
Moderate
CVE-2021-21667
was published
for
org.jenkins-ci.plugins:scriptler
(Maven)
Jan 6, 2022
Stored XSS vulnerability in Jenkins Scriptler Plugin
Moderate
CVE-2021-21668
was published
for
org.jenkins-ci.plugins:scriptler
(Maven)
Jan 6, 2022
XXE vulnerability in Jenkins Selenium HTML report Plugin
Moderate
CVE-2021-21672
was published
for
org.jenkins-ci.plugins:seleniumhtmlreport
(Maven)
Jul 2, 2021
Cross-Site Request Forgery in the Jenkins Claim plugin
Moderate
CVE-2021-21620
was published
for
org.jenkins-ci.plugins:claim
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins P4 plugin
Moderate
CVE-2021-21654
was published
for
org.jenkins-ci.plugins:p4
(Maven)
Jun 16, 2021
CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials
High
CVE-2021-21652
was published
for
org.jenkins-ci.plugins:xray-connector
(Maven)
Jun 16, 2021
Cross-site Scripting in Jenkins Dashboard View Plugin
Moderate
CVE-2021-21649
was published
for
org.jenkins-ci.plugins:dashboard-view
(Maven)
Jun 16, 2021
Cross-Site Request Forgery in Jenkins Credentials Plugin
Moderate
CVE-2021-21648
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Jun 16, 2021
Cross-site scripting in Jenkins Kiuwan Plugin
Moderate
CVE-2021-21666
was published
for
org.jenkins-ci.plugins:kiuwanJenkinsPlugin
(Maven)
Jun 16, 2021
ProTip!
Advisories are also available from the
GraphQL API