Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Loading
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25212 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
NotMyFault
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25211 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin High
CVE-2022-29045 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault
Private key stored in plain text by Jenkins Google Compute Engine Plugin Moderate
CVE-2022-29052 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Apr 13, 2022
NotMyFault
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-25192 was published for io.jenkins.plugins:embotics-vcommander (Maven) Feb 16, 2022
NotMyFault
Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization Moderate
CVE-2022-25193 was published for io.jenkins.plugins:embotics-vcommander (Maven) Feb 16, 2022
NotMyFault
Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-29047 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Apr 13, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin High
CVE-2022-29039 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) Apr 13, 2022
NotMyFault
XXE vulnerability in Jenkins WebSphere Deployer Plugin High
CVE-2020-2108 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
NotMyFault
Fortify Plugin stored credentials in plain text Moderate
CVE-2020-2107 was published for org.jenkins-ci.plugins:fortify (Maven) May 24, 2022
NotMyFault
Buffer overflow in Jenkins WMI Windows Agents plugin Moderate
CVE-2022-30950 was published for org.jenkins-ci.plugins:windows-slaves (Maven) May 18, 2022
NotMyFault
CSRF vulnerability in Jenkins Script Security Plugin Moderate
CVE-2022-30946 was published for org.jenkins-ci.plugins:script-security (Maven) May 18, 2022
NotMyFault
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin High
CVE-2022-30945 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 18, 2022
NotMyFault
Missing Authorization in Jenkins SSH plugin High
CVE-2022-30959 was published for org.jenkins-ci.plugins:ssh (Maven) May 18, 2022
NotMyFault
Cross Site Request Forgery in Jenkins Storable Configs Plugin High
CVE-2022-30972 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Rundeck Plugin High
CVE-2022-30956 was published for org.jenkins-ci.plugins:rundeck (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Global Variable String Parameter Plugin High
CVE-2022-30962 was published for org.jenkins-ci.plugins:global-variable-string-parameter (Maven) May 18, 2022
NotMyFault
Missing Authorization in Jenkins WMI Windows Agents plugin Moderate
CVE-2022-30951 was published for org.jenkins-ci.plugins:windows-slaves (Maven) May 18, 2022
NotMyFault
Cross site scripting in Jenkins Selection tasks Plugin High
CVE-2022-30967 was published for org.jvnet.hudson.plugins:selection-tasks-plugin (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins JDK Parameter Plugin High
CVE-2022-30963 was published for org.jenkins-ci.plugins:JDK_Parameter_Plugin (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins vboxwrapper Plugin High
CVE-2022-30968 was published for org.jenkins-ci.plugins:vboxwrapper (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Application Detector Plugin High
CVE-2022-30960 was published for org.jenkins-ci.plugins:app-detector (Maven) May 18, 2022
NotMyFault
XML External Entity Reference in Jenkins Storable Configs Plugin High
CVE-2022-30971 was published for org.jvnet.hudson.plugins:storable-configs-plugin (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin High
CVE-2022-30970 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) May 18, 2022
NotMyFault
Path traversal in Jenkins Mercurial Plugin Low
CVE-2022-30948 was published for org.jenkins-ci.plugins:mercurial (Maven) May 18, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database