GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
210 advisories
Filter by severity
Stored XSS vulnerability in Jenkins Checkmarx Plugin
High
CVE-2022-46684
was published
for
com.checkmarx.jenkins:checkmarx
(Maven)
Dec 12, 2022
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
High
CVE-2022-45401
was published
for
org.jenkins-ci.main:associated-files-plugin
(Maven)
Nov 16, 2022
XXE vulnerability in Jenkins JAPEX Plugin
High
CVE-2022-45400
was published
for
org.jvnet.hudson.plugins:japex
(Maven)
Nov 16, 2022
Jenkins BART Plugin vulnerable to cross-site scripting (XSS)
High
CVE-2022-45387
was published
for
org.jenkins-ci.plugins:bart
(Maven)
Nov 16, 2022
Jenkins Config Rotator Plugin vulnerable to path traversal
High
CVE-2022-45388
was published
for
org.jenkins-ci.main:config-rotator
(Maven)
Nov 16, 2022
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
High
CVE-2022-45379
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 16, 2022
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
High
CVE-2022-45381
was published
for
org.jenkins-ci.plugins:pipeline-utility-steps
(Maven)
Nov 16, 2022
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
High
CVE-2022-45380
was published
for
org.jenkins-ci.plugins:junit
(Maven)
Nov 16, 2022
Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin
High
CVE-2022-43425
was published
for
io.jenkins.plugins:custom-checkbox-parameter
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin
High
CVE-2022-43432
was published
for
org.jenkins-ci.plugins:xframium
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin
High
CVE-2022-43433
was published
for
io.jenkins.plugins:screenrecorder
(Maven)
Oct 19, 2022
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
High
CVE-2022-43409
was published
for
org.jenkins-ci.plugins.workflow:workflow-support
(Maven)
Oct 19, 2022
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin
High
CVE-2022-43407
was published
for
org.jenkins-ci.plugins:pipeline-input-step
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin
High
CVE-2022-43428
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-43405
was published
for
io.jenkins.plugins:pipeline-groovy-lib
(Maven)
Oct 19, 2022
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
High
CVE-2022-43404
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Oct 19, 2022
Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-43406
was published
for
io.jenkins.plugins:pipeline-groovy-lib
(Maven)
Oct 19, 2022
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
High
CVE-2022-43401
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin
High
CVE-2022-43435
was published
for
org.jenkins-ci.plugins.plugin:fireline
(Maven)
Oct 19, 2022
XXE vulnerability in Jenkins REPO Plugin
High
CVE-2022-43415
was published
for
org.jenkins-ci.plugins:repo
(Maven)
Oct 19, 2022
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin
High
CVE-2022-43430
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin
High
CVE-2022-43420
was published
for
org.jenkins-ci.plugins:contrast-continuous-application-security
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin
High
CVE-2022-43434
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Oct 19, 2022
Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting
High
CVE-2022-41225
was published
for
org.jenkins-ci.plugins:anchore-container-scanner
(Maven)
Sep 22, 2022
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site Scripting
High
CVE-2022-41229
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Sep 22, 2022
ProTip!
Advisories are also available from the
GraphQL API