Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Loading
API token stored in plain text by Jenkins CONS3RT Plugin Low
CVE-2022-41255 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins CONS3RT Plugin allow capturing credentials Moderate
CVE-2022-41253 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials Moderate
CVE-2022-41254 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs Moderate
CVE-2022-41252 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Improper masking of credentials Jenkins in Git Plugin Moderate
CVE-2022-38663 was published for org.jenkins-ci.plugins:git (Maven) Aug 24, 2022
NotMyFault
Cross-site Scripting in Jenkins Job Configuration History Plugin Moderate
CVE-2022-38664 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Aug 24, 2022
NotMyFault
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin Low
CVE-2022-38665 was published for org.jenkins-ci.plugins:collabnet (Maven) Aug 24, 2022
NotMyFault
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36883 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36882 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests Moderate
CVE-2022-36888 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jul 28, 2022
NotMyFault
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36884 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Jenkins GitHub plugin uses weak webhook signature function Low
CVE-2022-36885 was published for com.coravy.hudson.plugins.github:github (Maven) Jul 28, 2022
westonsteimel NotMyFault
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification Moderate
CVE-2022-36881 was published for org.jenkins-ci.plugins:git-client (Maven) Jul 28, 2022
NotMyFault
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted Low
CVE-2022-36901 was published for org.jenkins-ci.plugins:http_request (Maven) Jul 28, 2022
NotMyFault
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment Moderate
CVE-2022-36889 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
NotMyFault
Jenkins Compuware Source Code Download is missing authorization Moderate
CVE-2022-36896 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) Jul 28, 2022
NotMyFault
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin High
CVE-2022-36894 was published for org.jenkins-ci.plugins:clif-performance-testing (Maven) Jul 28, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin High
CVE-2022-36902 was published for com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter (Maven) Jul 28, 2022
NotMyFault
Missing permission check in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36907 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin High
CVE-2022-36905 was published for eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36908 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36906 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins openstack-heat Plugin Moderate
CVE-2022-36911 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
Missing permission checks in Jenkins openstack-heat Plugin Moderate
CVE-2022-36912 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins Google Cloud Backup Plugin Moderate
CVE-2022-36916 was published for org.jenkins-ci.plugins:google-cloud-backup (Maven) Jul 28, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database