GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials
Moderate
CVE-2022-41250
was published
for
com.meowlomo.jenkins:scm-httpclient
(Maven)
Sep 22, 2022
Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-41249
was published
for
com.meowlomo.jenkins:scm-httpclient
(Maven)
Sep 22, 2022
Jenkins BigPanda Notifier Plugin Missing Password Field Masking
Low
CVE-2022-41248
was published
for
org.jenkins-ci.plugins:bigpanda-jenkins
(Maven)
Sep 22, 2022
API token stored in plain text by Jenkins CONS3RT Plugin
Low
CVE-2022-41255
was published
for
org.jenkins-ci.plugins:cons3rt
(Maven)
Sep 22, 2022
Improper masking of credentials Jenkins in Git Plugin
Moderate
CVE-2022-38663
was published
for
org.jenkins-ci.plugins:git
(Maven)
Aug 24, 2022
Cross-site Scripting in Jenkins Job Configuration History Plugin
Moderate
CVE-2022-38664
was published
for
org.jenkins-ci.plugins:jobConfigHistory
(Maven)
Aug 24, 2022
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin
Low
CVE-2022-38665
was published
for
org.jenkins-ci.plugins:collabnet
(Maven)
Aug 24, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36883
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests
Moderate
CVE-2022-36888
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36882
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36884
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
Jenkins GitHub plugin uses weak webhook signature function
Low
CVE-2022-36885
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
Jul 28, 2022
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Moderate
CVE-2022-36881
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
Jul 28, 2022
CSRF vulnerability in Jenkins openstack-heat Plugin
Moderate
CVE-2022-36911
was published
for
org.jenkins-ci.plugins:openstack-heat
(Maven)
Jul 28, 2022
Missing permission checks in Jenkins openstack-heat Plugin
Moderate
CVE-2022-36912
was published
for
org.jenkins-ci.plugins:openstack-heat
(Maven)
Jul 28, 2022
CSRF vulnerability in Jenkins Google Cloud Backup Plugin
Moderate
CVE-2022-36916
was published
for
org.jenkins-ci.plugins:google-cloud-backup
(Maven)
Jul 28, 2022
Missing permission check in Jenkins OpenShift Deployer Plugin
Moderate
CVE-2022-36909
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
Jul 28, 2022
Missing permission check in Coverity Plugin allows capturing credentials
High
CVE-2022-36921
was published
for
org.jenkins-ci.plugins:coverity
(Maven)
Jul 28, 2022
Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF)
High
CVE-2022-36920
was published
for
org.jenkins-ci.plugins:coverity
(Maven)
Jul 28, 2022
Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin
High
CVE-2022-36902
was published
for
com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter
(Maven)
Jul 28, 2022
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
Moderate
CVE-2022-36899
was published
for
com.compuware.jenkins:compuware-ispw-operations
(Maven)
Jul 28, 2022
Jenkins Compuware Source Code Download is missing authorization
Moderate
CVE-2022-36896
was published
for
com.compuware.jenkins:compuware-scm-downloader
(Maven)
Jul 28, 2022
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin
High
CVE-2022-36894
was published
for
org.jenkins-ci.plugins:clif-performance-testing
(Maven)
Jul 28, 2022
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Low
CVE-2022-36901
was published
for
org.jenkins-ci.plugins:http_request
(Maven)
Jul 28, 2022
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment
Moderate
CVE-2022-36889
was published
for
org.jenkins-ci.plugins:deployer-framework
(Maven)
Jul 28, 2022
ProTip!
Advisories are also available from the
GraphQL API