Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

335 advisories

Loading
Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files Moderate
CVE-2021-21698 was published for org.jenkins-ci.plugins:subversion (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2021-21699 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Missing permission check in Jenkins GitLab Plugin Moderate
CVE-2022-30955 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) May 18, 2022
NotMyFault Credited to NotMyFault
CSRF vulnerability in Jenkins CVS Plugin Moderate
CVE-2020-2184 was published for org.jenkins-ci.plugins:cvs (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Build With Parameters Plugin Moderate
CVE-2021-21628 was published for org.jenkins-ci.plugins:build-with-parameters (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files Moderate
CVE-2021-21644 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Open redirect vulnerability in Jenkins CAS Plugin Moderate
CVE-2021-21673 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Missing permission checks in Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22513 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
XXE vulnerability in Jenkins Subversion Plugin Moderate
CVE-2020-2304 was published for org.jenkins-ci.plugins:subversion (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Code Coverage API Plugin Moderate
CVE-2020-2106 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Missing permission checks in Jenkins Azure Key Vault Plugin allow enumerating credentials IDs Moderate
CVE-2020-2313 was published for org.jenkins-ci.plugins:azure-keyvault (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Timestamper Plugin Moderate
CVE-2020-2137 was published for org.jenkins-ci.plugins:timestamper (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins REST List Parameter Plugin Moderate
CVE-2021-21635 was published for io.jenkins.plugins:rest-list-parameter (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items Moderate
CVE-2021-21624 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Cross Site Request Forgery in Jenkins Blue Ocean Plugin Moderate
CVE-2022-30953 was published for io.jenkins.blueocean:blueocean-parent (Maven) May 18, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Liquibase Runner Plugin Moderate
CVE-2020-2283 was published for org.jenkins-ci.plugins:liquibase-runner (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin Moderate
CVE-2020-2187 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
CSRF vulnerability in Jenkins Active Directory Plugin Moderate
CVE-2020-2303 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
CSRF vulnerability in Mac Plugin Moderate
CVE-2020-2147 was published for fr.edf.jenkins.plugins:mac (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin Moderate
CVE-2020-2282 was published for org.jenkins-ci.plugins:implied-labels (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Missing permission checks in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2094 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Missing permission check in Blue Ocean Plugin Moderate
CVE-2020-2255 was published for io.jenkins.blueocean:blueocean (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
CSRF vulnerability in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2093 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Improper permission checks in Jenkins Swarm Plugin Moderate
CVE-2020-2191 was published for org.jenkins-ci.plugins:swarm (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Redgate SQL Change Automation Plugin stored credentials in plain text Moderate
CVE-2020-2095 was published for com.redgate.plugins.redgatesqlci:redgate-sql-ci (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database