GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
335 advisories
Filter by severity
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-41227
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Sep 22, 2022
Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2022-41241
was published
for
net.praqma:rqm-plugin
(Maven)
Sep 22, 2022
CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials
Moderate
CVE-2022-41245
was published
for
org.jenkins-ci.plugins:ws-execution-manager
(Maven)
Sep 22, 2022
Jenkins Rundeck Plugin Missing Authorization vulnerability
Moderate
CVE-2022-41233
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
Sep 22, 2022
Lack of authentication mechanism in Jenkins DotCi Plugin webhook
Moderate
CVE-2022-41238
was published
for
com.groupon.jenkins-ci.plugins:DotCi
(Maven)
Sep 22, 2022
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization
Moderate
CVE-2022-41228
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Sep 22, 2022
CSRF vulnerability in Jenkins Security Inspector plugin
Moderate
CVE-2022-41236
was published
for
org.jenkins-ci.plugins:security-inspector
(Maven)
Sep 22, 2022
Missing webhook endpoint authorization in Jenkins Rundeck Plugin
Moderate
CVE-2022-41234
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
Sep 22, 2022
Jenkins WildFly Deployer Plugin vulnerable to path traversal
Moderate
CVE-2022-41235
was published
for
org.jenkins-ci.plugins:wildfly-deployer
(Maven)
Sep 22, 2022
CSRF vulnerability and mM
Moderate
CVE-2022-41246
was published
for
org.jenkins-ci.plugins:ws-execution-manager
(Maven)
Sep 22, 2022
Path traversal in Jenkins build-publisher Plugin
Moderate
CVE-2022-41231
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
Sep 22, 2022
Missing permission check in Jenkins build-publisher Plugin
Moderate
CVE-2022-41230
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
Sep 22, 2022
Missing hostname validation in Jenkins View26 Test-Reporting Plugin
Moderate
CVE-2022-41244
was published
for
org.jenkins-ci.plugins:view26
(Maven)
Sep 22, 2022
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials
Moderate
CVE-2022-43417
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
CSRF vulnerability in Jenkins Katalon Plugin allows capturing credentials
Moderate
CVE-2022-43418
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin
Moderate
CVE-2022-43410
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin
Moderate
CVE-2022-43422
was published
for
com.compuware.jenkins:compuware-topaz-utilities
(Maven)
Oct 19, 2022
API keys stored in plain text by Jenkins Katalon Plugin
Moderate
CVE-2022-43419
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin
Moderate
CVE-2022-43424
was published
for
com.compuware.jenkins:compuware-xpediter-code-coverage
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin
Moderate
CVE-2022-43423
was published
for
com.compuware.jenkins:compuware-scm-downloader
(Maven)
Oct 19, 2022
Cross-site Scripting in Jenkins Naginator Plugin
Moderate
CVE-2022-45382
was published
for
org.jenkins-ci.plugins:naginator
(Maven)
Nov 16, 2022
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-38666
was published
for
org.jenkins-ci.main:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
Incorrect permission checks in Jenkins Support Core Plugin
Moderate
CVE-2022-45383
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Nov 16, 2022
XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin
Moderate
CVE-2022-45397
was published
for
org.jenkins-ci:update-center2
(Maven)
Nov 16, 2022
XXE vulnerability on agents in Jenkins SourceMonitor Plugin
Moderate
CVE-2022-45396
was published
for
com.thalesgroup.hudson.plugins:sourcemonitor
(Maven)
Nov 16, 2022
ProTip!
Advisories are also available from the
GraphQL API