Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,884
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,207
NuGet
743
pip
3,979
Pub
12
RubyGems
947
Rust
1,034
Swift
45
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Loading
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin Moderate
CVE-2022-43422 was published for com.compuware.jenkins:compuware-topaz-utilities (Maven) Oct 19, 2022
NotMyFault
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin High
CVE-2022-45381 was published for org.jenkins-ci.plugins:pipeline-utility-steps (Maven) Nov 16, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin High
CVE-2022-43409 was published for org.jenkins-ci.plugins.workflow:workflow-support (Maven) Oct 19, 2022
NotMyFault
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin High
CVE-2022-36894 was published for org.jenkins-ci.plugins:clif-performance-testing (Maven) Jul 28, 2022
NotMyFault
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions High
CVE-2022-45379 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 16, 2022
NotMyFault
Cross-site Scripting in Jenkins Naginator Plugin Moderate
CVE-2022-45382 was published for org.jenkins-ci.plugins:naginator (Maven) Nov 16, 2022
NotMyFault
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin Moderate
CVE-2022-43410 was published for org.jenkins-ci.plugins:mercurial (Maven) Oct 19, 2022
NotMyFault
Improper masking of credentials Jenkins in Git Plugin Moderate
CVE-2022-38663 was published for org.jenkins-ci.plugins:git (Maven) Aug 24, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin Moderate
CVE-2022-43424 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) Oct 19, 2022
NotMyFault
Jenkins GitHub plugin uses weak webhook signature function Low
CVE-2022-36885 was published for com.coravy.hudson.plugins.github:github (Maven) Jul 28, 2022
westonsteimel NotMyFault
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin Moderate
CVE-2022-45385 was published for org.jenkins-ci.plugins:dockerhub-notification (Maven) Nov 16, 2022
NotMyFault
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests Moderate
CVE-2022-36888 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jul 28, 2022
NotMyFault
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component High
CVE-2022-41224 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 22, 2022
NotMyFault
Jenkins Compuware Source Code Download is missing authorization Moderate
CVE-2022-36896 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) Jul 28, 2022
NotMyFault
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification Moderate
CVE-2022-36881 was published for org.jenkins-ci.plugins:git-client (Maven) Jul 28, 2022
NotMyFault
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36882 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36883 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2022-41226 was published for com.compuware.jenkins:compuware-common-configuration (Maven) Sep 22, 2022
NotMyFault
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36884 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin High
CVE-2022-43434 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Oct 19, 2022
NotMyFault
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43430 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Non-constant time webhook token comparison in Jenkins GitLab Plugin Low
CVE-2022-43411 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Oct 19, 2022
NotMyFault
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion High
CVE-2022-45380 was published for org.jenkins-ci.plugins:junit (Maven) Nov 16, 2022
NotMyFault
Incorrect permission checks in Jenkins Support Core Plugin Moderate
CVE-2022-45383 was published for org.jenkins-ci.plugins:support-core (Maven) Nov 16, 2022
NotMyFault
CSRF vulnerability in MongoDB Plugin Moderate
CVE-2020-2268 was published for org.jenkins-ci.plugins:mongodb (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database