GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

210 advisories

Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2021-21696 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins CVS Plugin High
CVE-2020-2324 was published for org.jenkins-ci.plugins:cvs (Maven) May 24, 2022
NotMyFault
Path traversal vulnerability in Jenkins agent names High
CVE-2021-21605 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Libvirt Agents Plugin High
CVE-2021-21627 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
NotMyFault
Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin High
CVE-2021-22510 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
Remote code execution vulnerability in Jenkins Templating Engine Plugin High
CVE-2021-21646 was published for org.jenkins-ci.plugins:templating-engine (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2134 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2135 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins upstream cause High
CVE-2020-2221 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins 'keep forever' badge icon High
CVE-2020-2222 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins Cross-site Scripting vulnerability in project naming strategy High
CVE-2020-2230 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Configuration Slicing Plugin High
CVE-2021-21617 was published for org.jenkins-ci.plugins:configurationslicing (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin High
CVE-2020-2226 was published for org.jenkins-ci.plugins:matrix-auth (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin High
CVE-2020-2225 was published for org.jenkins-ci.plugins:matrix-project (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name High
CVE-2020-2256 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin High
CVE-2020-2236 was published for com.axis.system.jenkins.plugins.downstream:yet-another-build-visualizer (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Build With Parameters Plugin High
CVE-2021-21629 was published for org.jenkins-ci.plugins:build-with-parameters (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Rundeck Plugin High
CVE-2020-2144 was published for org.jenkins-ci.plugins:rundeck (Maven) May 24, 2022
NotMyFault
RCE vulnerability in RadarGun Plugin High
CVE-2020-2123 was published for org.jenkins-ci.plugins:radargun (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Cobertura Plugin High
CVE-2020-2138 was published for org.jenkins-ci.plugins:cobertura (Maven) May 24, 2022
NotMyFault
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL High
CVE-2021-21679 was published for org.jenkins-ci.plugins:azure-ad (Maven) May 24, 2022
NotMyFault
Jenkins SAML Plugin allows bypassing CSRF protection for any URL High
CVE-2021-21678 was published for org.jenkins-ci.plugins:saml (Maven) May 24, 2022
NotMyFault
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin High
CVE-2021-21642 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Code Coverage API Plugin High
CVE-2021-21677 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
Improper handling of REST API XML deserialization errors in Jenkins High
CVE-2021-21604 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault