Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

335 advisories

Loading
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials Moderate
CVE-2021-21664 was published for com.xebialabs.deployit.ci:deployit-plugin (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials Moderate
CVE-2021-21663 was published for com.xebialabs.deployit.ci:deployit-plugin (Maven) May 24, 2022
NotMyFault
XSS vulnerability in Jenkins Markdown Formatter Plugin Moderate
CVE-2021-21660 was published for io.jenkins.plugins:markdown-formatter (Maven) May 24, 2022
NotMyFault aruneko
Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs Moderate
CVE-2021-21645 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds Moderate
CVE-2021-21647 was published for org.jenkins-ci.plugins:electricflow (Maven) May 24, 2022
NotMyFault westonsteimel
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs Moderate
CVE-2021-21643 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files Moderate
CVE-2021-21644 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22512 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22511 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
Missing permission checks in Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22513 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
Lack of type validation in agent related REST API in Jenkins Moderate
CVE-2021-21639 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins promoted builds Plugin Moderate
CVE-2021-21641 was published for org.jenkins-ci.plugins:promoted-builds (Maven) May 24, 2022
NotMyFault
View name validation bypass in Jenkins Moderate
CVE-2021-21640 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin Moderate
CVE-2021-21634 was published for org.jvnet.hudson.plugins:jabber (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins OWASP Dependency-Track Plugin allow capturing credentials Moderate
CVE-2021-21632 was published for org.jenkins-ci.plugins:dependency-track (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Team Foundation Server Plugin allow capturing credentials Moderate
CVE-2021-21637 was published for org.jenkins-ci.plugins:tfs (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Team Foundation Server Plugin allows enumerating credentials IDs Moderate
CVE-2021-21636 was published for org.jenkins-ci.plugins:tfs (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins REST List Parameter Plugin Moderate
CVE-2021-21635 was published for io.jenkins.plugins:rest-list-parameter (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Cloud Statistics Plugin Moderate
CVE-2021-21631 was published for org.jenkins-ci.plugins:cloud-stats (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Extra Columns Plugin Moderate
CVE-2021-21630 was published for org.jenkins-ci.plugins:extra-columns (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Build With Parameters Plugin Moderate
CVE-2021-21628 was published for org.jenkins-ci.plugins:build-with-parameters (Maven) May 24, 2022
NotMyFault
Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items Moderate
CVE-2021-21624 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins CloudBees AWS Credentials Plugin allows enumerating credentials IDs Moderate
CVE-2021-21625 was published for org.jenkins-ci.plugins:aws-credentials (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Warnings Next Generation Plugin allow listing workspace contents Moderate
CVE-2021-21626 was published for io.jenkins.plugins:warnings-ng (Maven) May 24, 2022
NotMyFault
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items Moderate
CVE-2021-21623 was published for org.jenkins-ci.plugins:matrix-auth (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database