Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

335 advisories

Loading
FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2023-35925 was published for com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit (Maven) Jun 22, 2023
SuperMonis dordsor21
NotMyFault
XXE vulnerability on agents in Jenkins SourceMonitor Plugin Moderate
CVE-2022-45396 was published for com.thalesgroup.hudson.plugins:sourcemonitor (Maven) Nov 16, 2022
NotMyFault
XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin Moderate
CVE-2022-45397 was published for org.jenkins-ci:update-center2 (Maven) Nov 16, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Cluster Statistics Plugin Moderate
CVE-2022-45398 was published for org.zeroturnaround:cluster-stats (Maven) Nov 16, 2022
NotMyFault
XML External Entity Reference in Jenkins Violations Plugin Moderate
CVE-2022-45386 was published for org.jenkins-ci.plugins:violations (Maven) Nov 16, 2022
NotMyFault
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords Moderate
CVE-2022-45384 was published for org.jenkins-ci.main:reverse-proxy-auth-plugin (Maven) Nov 16, 2022
NotMyFault
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs Moderate
CVE-2022-45390 was published for io.loader:loaderio-jenkins-plugin (Maven) Nov 16, 2022
NotMyFault
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin Moderate
CVE-2022-45385 was published for org.jenkins-ci.plugins:dockerhub-notification (Maven) Nov 16, 2022
NotMyFault
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally Moderate
CVE-2022-45391 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault
Missing permission check in Jenkins Delete log Plugin Moderate
CVE-2022-45394 was published for org.jenkins-ci.plugins:delete-log-plugin (Maven) Nov 16, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Delete log Plugin Moderate
CVE-2022-45393 was published for org.jenkins-ci.plugins:delete-log-plugin (Maven) Nov 16, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin Moderate
CVE-2022-45392 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin Moderate
CVE-2022-38666 was published for org.jenkins-ci.main:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault
Incorrect permission checks in Jenkins Support Core Plugin Moderate
CVE-2022-45383 was published for org.jenkins-ci.plugins:support-core (Maven) Nov 16, 2022
NotMyFault
Cross-site Scripting in Jenkins Naginator Plugin Moderate
CVE-2022-45382 was published for org.jenkins-ci.plugins:naginator (Maven) Nov 16, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin Moderate
CVE-2022-43423 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin Moderate
CVE-2022-43424 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) Oct 19, 2022
NotMyFault
CSRF vulnerability in Jenkins Katalon Plugin allows capturing credentials Moderate
CVE-2022-43418 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials Moderate
CVE-2022-43417 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin Moderate
CVE-2022-43422 was published for com.compuware.jenkins:compuware-topaz-utilities (Maven) Oct 19, 2022
NotMyFault
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin Moderate
CVE-2022-43410 was published for org.jenkins-ci.plugins:mercurial (Maven) Oct 19, 2022
NotMyFault
API keys stored in plain text by Jenkins Katalon Plugin Moderate
CVE-2022-43419 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault tdunlap607
Missing hostname validation in Jenkins View26 Test-Reporting Plugin Moderate
CVE-2022-41244 was published for org.jenkins-ci.plugins:view26 (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials Moderate
CVE-2022-41245 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-41227 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Sep 22, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API