Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,330
Erlang
31
GitHub Actions
21
Go
2,091
Maven
5,000+
npm
3,756
NuGet
678
pip
3,443
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

335 advisories

Loading
CSRF vulnerability in Jenkins Swarm Plugin Moderate
CVE-2020-2192 was published for org.jenkins-ci.plugins:swarm (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Compact Columns Plugin Moderate
CVE-2020-2195 was published for org.jenkins-ci.plugins:compact-columns (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Scriptler Plugin Moderate
CVE-2021-21700 was published for org.jenkins-ci.plugins:scriptler (Maven) May 24, 2022
NotMyFault
Incorrect default pattern in Jenkins Audit Trail Plugin Moderate
CVE-2020-2288 was published for org.jenkins-ci.plugins:audit-trail (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22512 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
Improper permission checks allow canceling queue items and aborting builds in Jenkins Moderate
CVE-2021-21670 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs Moderate
CVE-2021-21643 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22511 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
View name validation bypass in Jenkins Moderate
CVE-2021-21640 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin Moderate
CVE-2021-21634 was published for org.jvnet.hudson.plugins:jabber (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins CloudBees AWS Credentials Plugin allows enumerating credentials IDs Moderate
CVE-2021-21625 was published for org.jenkins-ci.plugins:aws-credentials (Maven) May 24, 2022
NotMyFault
Incorrect permission check in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2258 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Folder-based Authorization Strategy Plugin Moderate
CVE-2022-27200 was published for io.jenkins.plugins:folder-auth (Maven) Mar 16, 2022
NotMyFault
Arbitrary file read vulnerability in Jenkins Continuous Integration with Toad Edge Plugin Moderate
CVE-2022-28146 was published for org.jenkins-ci.plugins:ci-with-toad-edge (Maven) Mar 30, 2022
NotMyFault
Missing permission check in Jenkins JiraTestResultReporter Plugin Moderate
CVE-2022-28137 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) Mar 30, 2022
NotMyFault
Reflected XSS vulnerability in Jenkins Queue cleanup Plugin Moderate
CVE-2020-2169 was published for org.jenkins-ci.plugins:queue-cleanup (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Blue Ocean Plugin Moderate
CVE-2022-30954 was published for io.jenkins.blueocean:blueocean-parent (Maven) May 18, 2022
NotMyFault
Missing permission checks in Jenkins P4 Plugin Moderate
CVE-2020-2142 was published for org.jenkins-ci.plugins:p4 (Maven) May 24, 2022
NotMyFault
Jenkins Git Parameter Plugin vulnerable to Stored cross-site scripting (XSS) Moderate
CVE-2020-2112 was published for org.jenkins-ci.tools:git-parameter (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins requests-plugin Plugin allows sending emails Moderate
CVE-2021-21676 was published for org.jenkins-ci.plugins:requests (Maven) May 24, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin Moderate
CVE-2022-27196 was published for org.jvnet.hudson.plugins:favorite (Maven) Mar 16, 2022
NotMyFault
Missing permission checks in Jenkins ElasTest Plugin Moderate
CVE-2020-2272 was published for org.jenkins-ci.plugins:elastest (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Generic Webhook Trigger Plugin Moderate
CVE-2022-25185 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) Feb 16, 2022
NotMyFault
Stored XSS vulnerability in Jenkins VncRecorder Plugin Moderate
CVE-2020-2205 was published for org.jenkins-ci.plugins:vncrecorder (Maven) May 24, 2022
NotMyFault
FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2023-35925 was published for com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit (Maven) Jun 22, 2023
SuperMonis dordsor21
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database