Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
46
GitHub Actions
47
Go
3,340
Maven
5,000+
npm
5,000+
NuGet
881
pip
4,549
Pub
12
RubyGems
1,012
Rust
1,202
Swift
51
Unreviewed advisories
All unreviewed
5,000+

335 advisories

Loading
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials Moderate
CVE-2021-21664 was published for com.xebialabs.deployit.ci:deployit-plugin (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Request logging bypass in Jenkins Audit Trail Plugin Moderate
CVE-2020-2287 was published for org.jenkins-ci.plugins:audit-trail (Maven) Feb 10, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2020-2290 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2020-2289 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2202 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Improper permission checks in Jenkins Copy Artifact Plugin Moderate
CVE-2020-2183 was published for org.jenkins-ci.plugins:copyartifact (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
XSS vulnerability in Jenkins Markdown Formatter Plugin Moderate
CVE-2021-21660 was published for io.jenkins.plugins:markdown-formatter (Maven) May 24, 2022
NotMyFault Credited to NotMyFault and aruneko aruneko aruneko
Lack of type validation in agent related REST API in Jenkins Moderate
CVE-2021-21639 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2021-21616 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows enumerating credentials IDs Moderate
CVE-2021-21662 was published for com.xebialabs.deployit.ci:deployit-plugin (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Path traversal vulnerability on Windows in Jenkins Moderate
CVE-2021-21683 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
DoS vulnerability in bundled XStream library in Jenkins Core Moderate
CVE-2022-0538 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 10, 2022
NotMyFault Credited to NotMyFault
Memory usage graphs accessible to anyone with Overall/Read Moderate
CVE-2020-2104 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Jenkins Diagnostic page exposed session cookies Moderate
CVE-2020-2103 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Jenkins vulnerable to UDP amplification reflection attack Moderate
CVE-2020-2100 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Missing permission checks in Jenkins Amazon EC2 Plugin Moderate
CVE-2020-2091 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Secrets are not masked by Jenkins Credentials Binding Plugin in builds without build steps Moderate
CVE-2020-2181 was published for org.jenkins-ci.plugins:credentials-binding (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Missing Authorization in Jenkins P4 plugin Moderate
CVE-2021-21654 was published for org.jenkins-ci.plugins:p4 (Maven) Jun 16, 2021
NotMyFault Credited to NotMyFault
Cross-Site Request Forgery in Jenkins Credentials Plugin Moderate
CVE-2021-21648 was published for org.jenkins-ci.plugins:credentials (Maven) Jun 16, 2021
NotMyFault Credited to NotMyFault and westonsteimel westonsteimel westonsteimel
Cross-site scripting in Jenkins Kiuwan Plugin Moderate
CVE-2021-21666 was published for org.jenkins-ci.plugins:kiuwanJenkinsPlugin (Maven) Jun 16, 2021
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Scriptler Plugin Moderate
CVE-2021-21667 was published for org.jenkins-ci.plugins:scriptler (Maven) Jan 6, 2022
NotMyFault Credited to NotMyFault
CSRF vulnerability in Jenkins batch task Plugin Moderate
CVE-2022-23115 was published for org.jenkins-ci.plugins:batch-task (Maven) Jan 13, 2022
NotMyFault Credited to NotMyFault
Path traversal vulnerability in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23113 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Git Plugin Moderate
CVE-2021-21684 was published for org.jenkins-ci.plugins:git (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23111 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault Credited to NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database