GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
335 advisories
Filter by severity
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
CSRF vulnerability in MongoDB Plugin
Moderate
CVE-2020-2268
was published
for
org.jenkins-ci.plugins:mongodb
(Maven)
May 24, 2022
Incorrect permission checks in Jenkins Support Core Plugin
Moderate
CVE-2022-45383
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Nov 16, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36884
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36883
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36882
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Moderate
CVE-2022-36881
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
Jul 28, 2022
Jenkins Compuware Source Code Download is missing authorization
Moderate
CVE-2022-36896
was published
for
com.compuware.jenkins:compuware-scm-downloader
(Maven)
Jul 28, 2022
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests
Moderate
CVE-2022-36888
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Jul 28, 2022
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin
Moderate
CVE-2022-45385
was published
for
org.jenkins-ci.plugins:dockerhub-notification
(Maven)
Nov 16, 2022
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin
Moderate
CVE-2022-43424
was published
for
com.compuware.jenkins:compuware-xpediter-code-coverage
(Maven)
Oct 19, 2022
Improper masking of credentials Jenkins in Git Plugin
Moderate
CVE-2022-38663
was published
for
org.jenkins-ci.plugins:git
(Maven)
Aug 24, 2022
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin
Moderate
CVE-2022-43410
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
Oct 19, 2022
Cross-site Scripting in Jenkins Naginator Plugin
Moderate
CVE-2022-45382
was published
for
org.jenkins-ci.plugins:naginator
(Maven)
Nov 16, 2022
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin
Moderate
CVE-2022-43423
was published
for
com.compuware.jenkins:compuware-scm-downloader
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin
Moderate
CVE-2022-43422
was published
for
com.compuware.jenkins:compuware-topaz-utilities
(Maven)
Oct 19, 2022
Cross-site Scripting in Jenkins Job Configuration History Plugin
Moderate
CVE-2022-38664
was published
for
org.jenkins-ci.plugins:jobConfigHistory
(Maven)
Aug 24, 2022
CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF
Moderate
CVE-2022-27204
was published
for
org.jenkins-ci.plugins:extended-choice-parameter
(Maven)
Mar 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins global-build-stats Plugin
Moderate
CVE-2022-27207
was published
for
org.jenkins-ci.plugins:global-build-stats
(Maven)
Mar 16, 2022
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files
Moderate
CVE-2022-25197
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Feb 16, 2022
Observable timing discrepancy allows determining username validity in Jenkins
Moderate
CVE-2022-34174
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin
Moderate
CVE-2022-20613
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
Cross-site Scripting in Jenkins Dashboard View Plugin
Moderate
CVE-2021-21649
was published
for
org.jenkins-ci.plugins:dashboard-view
(Maven)
Jun 16, 2021
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Moderate
CVE-2022-20618
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
User passwords transmitted in plain text by Jenkins Active Directory Plugin
Moderate
CVE-2022-23105
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jan 13, 2022
ProTip!
Advisories are also available from the
GraphQL API