GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
335 advisories
Filter by severity
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin
Moderate
CVE-2022-25184
was published
for
org.jenkins-ci.plugins:pipeline-build-step
(Maven)
Feb 16, 2022
Path traversal vulnerability in Jenkins Fortify Plugin
Moderate
CVE-2022-25188
was published
for
org.jenkins-ci.plugins:fortify
(Maven)
Feb 16, 2022
Missing permission check in Jenkins Conjur Secrets Plugin allows enumerating credentials IDs
Moderate
CVE-2022-25190
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Feb 16, 2022
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-25192
was published
for
io.jenkins.plugins:embotics-vcommander
(Maven)
Feb 16, 2022
Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization
Moderate
CVE-2022-25193
was published
for
io.jenkins.plugins:embotics-vcommander
(Maven)
Feb 16, 2022
Open redirect vulnerability in Jenkins GitLab Authentication Plugin
Moderate
CVE-2022-25196
was published
for
org.jenkins-ci.plugins:gitlab-oauth
(Maven)
Feb 16, 2022
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files
Moderate
CVE-2022-25197
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins Checkmarx Plugin allow capturing credentials
Moderate
CVE-2022-25200
was published
for
com.checkmarx.jenkins:checkmarx
(Maven)
Feb 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds (Simple) Plugin
Moderate
CVE-2022-25202
was published
for
org.jenkins-ci.plugins:promoted-builds-simple
(Maven)
Feb 16, 2022
Missing permission checks in Jenkins Checkmarx Plugin allow capturing credentials
Moderate
CVE-2022-25201
was published
for
com.checkmarx.jenkins:checkmarx
(Maven)
Feb 16, 2022
Protection Mechanism Failure in Jenkins Doktor Plugin
Moderate
CVE-2022-25204
was published
for
by.dev.madhead.doktor:doktor
(Maven)
Feb 16, 2022
Stored Cross-site Scripting vulnerability in Jenkins Team Views Plugin
Moderate
CVE-2022-25203
was published
for
com.sonymobile.jenkins.plugins.teamviews:team-views
(Maven)
Feb 16, 2022
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25211
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25212
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
Request logging bypass in Jenkins Audit Trail Plugin
Moderate
CVE-2020-2287
was published
for
org.jenkins-ci.plugins:audit-trail
(Maven)
Feb 10, 2022
DoS vulnerability in bundled XStream library in Jenkins Core
Moderate
CVE-2022-0538
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Feb 10, 2022
Cross-Site Request Forgery in Jenkins Mailer Plugin
Moderate
CVE-2022-20613
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Moderate
CVE-2022-20618
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
User passwords transmitted in plain text by Jenkins Active Directory Plugin
Moderate
CVE-2022-23105
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
Jan 13, 2022
Improper credentials masking in Jenkins HashiCorp Vault Plugin
Moderate
CVE-2022-23109
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Jan 13, 2022
Stored XSS vulnerability in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23110
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
Moderate
CVE-2022-23117
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Jan 13, 2022
Path traversal vulnerability in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23113
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
CSRF vulnerability in Jenkins batch task Plugin
Moderate
CVE-2022-23115
was published
for
org.jenkins-ci.plugins:batch-task
(Maven)
Jan 13, 2022
ProTip!
Advisories are also available from the
GraphQL API