GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
335 advisories
Stored XSS vulnerability in Jenkins Active Choices Plugin
Moderate | CVE-2021-21699 was published for org.biouno:uno-choice (Maven) | May 24, 2022
Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files
Moderate | CVE-2021-21698 was published for org.jenkins-ci.plugins:subversion (Maven) | May 24, 2022
Improper handling of equivalent directory names on Windows in Jenkins
Moderate | CVE-2021-21682 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 24, 2022
Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs
Moderate | CVE-2021-21645 was published for org.jenkins-ci.plugins:config-file-provider (Maven) | May 24, 2022
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds
Moderate | CVE-2021-21647 was published for org.jenkins-ci.plugins:electricflow (Maven) | May 24, 2022
CSRF vulnerability in Jenkins promoted builds Plugin
Moderate | CVE-2021-21641 was published for org.jenkins-ci.plugins:promoted-builds (Maven) | May 24, 2022
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items
Moderate | CVE-2021-21623 was published for org.jenkins-ci.plugins:matrix-auth (Maven) | May 24, 2022
Missing permission check in Jenkins requests-plugin Plugin allows viewing pending requests
Moderate | CVE-2021-21674 was published for org.jenkins-ci.plugins:requests (Maven) | May 24, 2022
Missing permission checks in Jenkins OWASP Dependency-Track Plugin allow capturing credentials
Moderate | CVE-2021-21632 was published for org.jenkins-ci.plugins:dependency-track (Maven) | May 24, 2022
Missing permission check in Jenkins Cloud Statistics Plugin
Moderate | CVE-2021-21631 was published for org.jenkins-ci.plugins:cloud-stats (Maven) | May 24, 2022
Stored XSS vulnerability in Jenkins Extra Columns Plugin
Moderate | CVE-2021-21630 was published for org.jenkins-ci.plugins:extra-columns (Maven) | May 24, 2022
Stored XSS vulnerability in Jenkins Artifact Repository Parameter Plugin
Moderate | CVE-2021-21622 was published for io.jenkins.plugins:artifact-repository-parameter (Maven) | May 24, 2022
Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin
Moderate | CVE-2022-30952 was published for io.jenkins.blueocean:blueocean-pipeline-scm-api (Maven) | May 18, 2022
Arbitrary file read vulnerability in workspace browsers in Jenkins
Moderate | CVE-2021-21602 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 24, 2022
XSS vulnerability in Jenkins notification bar
Moderate | CVE-2021-21603 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 24, 2022
XXE vulnerability in Jenkins Visualworks Store Plugin
Moderate | CVE-2020-2315 was published for org.jenkins-ci.plugins:visualworks-store (Maven) | May 24, 2022
Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration
Moderate | CVE-2020-2311 was published for io.jenkins.plugins:aws-global-configuration (Maven) | May 24, 2022
Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs
Moderate | CVE-2020-2310 was published for org.jenkins-ci.plugins:ansible (Maven) | May 24, 2022
XXE vulnerability in Jenkins Mercurial Plugin
Moderate | CVE-2020-2305 was published for org.jenkins-ci.plugins:mercurial (Maven) | May 24, 2022
Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page
Moderate | CVE-2020-2302 was published for org.jenkins-ci.plugins:active-directory (Maven) | May 24, 2022
Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs
Moderate | CVE-2020-2285 was published for org.jenkins-ci.plugins:liquibase-runner (Maven) | May 24, 2022
CSRF vulnerability in Jenkins Lockable Resources Plugin
Moderate | CVE-2020-2281 was published for org.6wind.jenkins:lockable-resources (Maven) | May 24, 2022
Stored XSS vulnerability in Jenkins button labels
Moderate | CVE-2021-21608 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 24, 2022
Arbitrary file existence check in file fingerprints in Jenkins
Moderate | CVE-2021-21606 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 24, 2022
Missing permission check for paths with specific prefix in Jenkins
Moderate | CVE-2021-21609 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 24, 2022
ProTip! Advisories are also available from the GraphQL API