GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
335 advisories
Filter by severity
Cross-site scripting in Jenkins Kiuwan Plugin
Moderate
CVE-2021-21666
was published
for
org.jenkins-ci.plugins:kiuwanJenkinsPlugin
(Maven)
Jun 16, 2021
Cross-Site Request Forgery in Jenkins Credentials Plugin
Moderate
CVE-2021-21648
was published
for
org.jenkins-ci.plugins:credentials
(Maven)
Jun 16, 2021
Cross-site Scripting in Jenkins Dashboard View Plugin
Moderate
CVE-2021-21649
was published
for
org.jenkins-ci.plugins:dashboard-view
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins P4 plugin
Moderate
CVE-2021-21654
was published
for
org.jenkins-ci.plugins:p4
(Maven)
Jun 16, 2021
Cross-Site Request Forgery in the Jenkins Claim plugin
Moderate
CVE-2021-21620
was published
for
org.jenkins-ci.plugins:claim
(Maven)
Jun 16, 2021
XXE vulnerability in Jenkins Selenium HTML report Plugin
Moderate
CVE-2021-21672
was published
for
org.jenkins-ci.plugins:seleniumhtmlreport
(Maven)
Jul 2, 2021
Stored XSS vulnerability in Jenkins Scriptler Plugin
Moderate
CVE-2021-21668
was published
for
org.jenkins-ci.plugins:scriptler
(Maven)
Jan 6, 2022
Stored XSS vulnerability in Jenkins Scriptler Plugin
Moderate
CVE-2021-21667
was published
for
org.jenkins-ci.plugins:scriptler
(Maven)
Jan 6, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows decrypting secrets
Moderate
CVE-2022-23116
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Jan 13, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
Moderate
CVE-2022-23117
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Jan 13, 2022
Path traversal vulnerability in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23113
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
CSRF vulnerability in Jenkins batch task Plugin
Moderate
CVE-2022-23115
was published
for
org.jenkins-ci.plugins:batch-task
(Maven)
Jan 13, 2022
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23111
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
Improper credentials masking in Jenkins HashiCorp Vault Plugin
Moderate
CVE-2022-23109
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Jan 13, 2022
Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23110
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
User passwords transmitted in plain text by Jenkins Active Directory Plugin
Moderate
CVE-2022-23105
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Moderate
CVE-2022-20618
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin
Moderate
CVE-2022-20613
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
DoS vulnerability in bundled XStream library in Jenkins Core
Moderate
CVE-2022-0538
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Feb 10, 2022
Request logging bypass in Jenkins Audit Trail Plugin
Moderate
CVE-2020-2287
was published
for
org.jenkins-ci.plugins:audit-trail
(Maven)
Feb 10, 2022
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25212
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25211
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Team Views Plugin
Moderate
CVE-2022-25203
was published
for
com.sonymobile.jenkins.plugins.teamviews:team-views
(Maven)
Feb 16, 2022
Protection Mechanism Failure in Jenkins Doktor Plugin
Moderate
CVE-2022-25204
was published
for
by.dev.madhead.doktor:doktor
(Maven)
Feb 16, 2022
ProTip!
Advisories are also available from the
GraphQL API