GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
Cross-Site Request Forgery in Jenkins
High
CVE-2020-2160
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Credentials transmitted in plain text by Skytap Cloud CI Plugin
Low
CVE-2020-2157
was published
for
org.jenkins-ci.plugins:skytap
(Maven)
May 24, 2022
OS command injection in CryptoMove Plugin
High
CVE-2020-2159
was published
for
io.jenkins.plugins:cryptomove
(Maven)
May 24, 2022
Remote Code Execution vulnerability in Jenkins Literate Plugin
High
CVE-2020-2158
was published
for
org.jenkins-ci.plugins:literate
(Maven)
May 24, 2022
Jenkins Zephyr for JIRA Test Management Plugin stores credentials in plain text
Low
CVE-2020-2154
was published
for
org.jenkins-ci.plugins:zephyr-for-jira-test-management
(Maven)
May 24, 2022
Jenkins Subversion Release Manager Plugin vulnerable to cross-site scripting (XSS)
Moderate
CVE-2020-2152
was published
for
org.jvnet.hudson.plugins:svn-release-mgr
(Maven)
May 24, 2022
Credentials transmitted in plain text by Jenkins DeployHub Plugin
Low
CVE-2020-2156
was published
for
com.openmake:deployhub
(Maven)
May 24, 2022
Missing SSH host key validation in Mac Plugin
Moderate
CVE-2020-2146
was published
for
fr.edf.jenkins.plugins:mac
(Maven)
May 24, 2022
Missing permission checks in Mac Plugin
Moderate
CVE-2020-2148
was published
for
fr.edf.jenkins.plugins:mac
(Maven)
May 24, 2022
Credentials transmitted in plain text by Backlog Plugin
Low
CVE-2020-2153
was published
for
org.jenkins-ci.plugins:backlog
(Maven)
May 24, 2022
Credentials transmitted in plain text by OpenShift Deployer Plugin
Low
CVE-2020-2155
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
May 24, 2022
Credentials transmitted in plain text by Jenkins Logstash Plugin
Low
CVE-2020-2143
was published
for
org.jenkins-ci.plugins:logstash
(Maven)
May 24, 2022
Missing permission checks in Jenkins P4 Plugin
Moderate
CVE-2020-2142
was published
for
org.jenkins-ci.plugins:p4
(Maven)
May 24, 2022
Credentials stored in plain text by Zephyr Enterprise Test Management Plugin
Low
CVE-2020-2145
was published
for
org.jenkins-ci.plugins:zephyr-enterprise-test-management
(Maven)
May 24, 2022
Jenkins Sonar Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2150
was published
for
org.jenkins-ci.plugins:sonar-quality-gates
(Maven)
May 24, 2022
Jenkins Quality Gates Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2151
was published
for
org.jenkins-ci.plugins:quality-gates
(Maven)
May 24, 2022
CSRF vulnerability in Mac Plugin
Moderate
CVE-2020-2147
was published
for
fr.edf.jenkins.plugins:mac
(Maven)
May 24, 2022
XXE vulnerability in Rundeck Plugin
High
CVE-2020-2144
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Cobertura Plugin
High
CVE-2020-2138
was published
for
org.jenkins-ci.plugins:cobertura
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins P4 Plugin
Moderate
CVE-2020-2141
was published
for
org.jenkins-ci.plugins:p4
(Maven)
May 24, 2022
Credentials transmitted in plain text by Repository Connector Plugin
Low
CVE-2020-2149
was published
for
org.jenkins-ci.plugins:repository-connector
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Timestamper Plugin
Moderate
CVE-2020-2137
was published
for
org.jenkins-ci.plugins:timestamper
(Maven)
May 24, 2022
XSS vulnerability in Jenkins Audit Trail Plugin
Moderate
CVE-2020-2140
was published
for
org.jenkins-ci.plugins:audit-trail
(Maven)
May 24, 2022
Arbitrary file write vulnerability in Jenkins Cobertura Plugin
Moderate
CVE-2020-2139
was published
for
org.jenkins-ci.plugins:cobertura
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2135
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API