GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
210 advisories
Filter by severity
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin
High
CVE-2021-21696
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
XXE vulnerability in Jenkins CVS Plugin
High
CVE-2020-2324
was published
for
org.jenkins-ci.plugins:cvs
(Maven)
May 24, 2022
Path traversal vulnerability in Jenkins agent names
High
CVE-2021-21605
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Libvirt Agents Plugin
High
CVE-2021-21627
was published
for
org.jenkins-ci.plugins:libvirt-slave
(Maven)
May 24, 2022
Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
High
CVE-2021-22510
was published
for
org.jenkins-ci.plugins:hp-application-automation-tools-plugin
(Maven)
May 24, 2022
Remote code execution vulnerability in Jenkins Templating Engine Plugin
High
CVE-2021-21646
was published
for
org.jenkins-ci.plugins:templating-engine
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2134
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2135
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins upstream cause
High
CVE-2020-2221
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins 'keep forever' badge icon
High
CVE-2020-2222
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Jenkins Cross-site Scripting vulnerability in project naming strategy
High
CVE-2020-2230
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Configuration Slicing Plugin
High
CVE-2021-21617
was published
for
org.jenkins-ci.plugins:configurationslicing
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin
High
CVE-2020-2226
was published
for
org.jenkins-ci.plugins:matrix-auth
(Maven)
May 24, 2022
Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin
High
CVE-2020-2225
was published
for
org.jenkins-ci.plugins:matrix-project
(Maven)
May 24, 2022
Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name
High
CVE-2020-2256
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin
High
CVE-2020-2236
was published
for
com.axis.system.jenkins.plugins.downstream:yet-another-build-visualizer
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Build With Parameters Plugin
High
CVE-2021-21629
was published
for
org.jenkins-ci.plugins:build-with-parameters
(Maven)
May 24, 2022
XXE vulnerability in Rundeck Plugin
High
CVE-2020-2144
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
May 24, 2022
RCE vulnerability in RadarGun Plugin
High
CVE-2020-2123
was published
for
org.jenkins-ci.plugins:radargun
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Cobertura Plugin
High
CVE-2020-2138
was published
for
org.jenkins-ci.plugins:cobertura
(Maven)
May 24, 2022
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL
High
CVE-2021-21679
was published
for
org.jenkins-ci.plugins:azure-ad
(Maven)
May 24, 2022
Jenkins SAML Plugin allows bypassing CSRF protection for any URL
High
CVE-2021-21678
was published
for
org.jenkins-ci.plugins:saml
(Maven)
May 24, 2022
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin
High
CVE-2021-21642
was published
for
org.jenkins-ci.plugins:config-file-provider
(Maven)
May 24, 2022
RCE vulnerability in Jenkins Code Coverage API Plugin
High
CVE-2021-21677
was published
for
io.jenkins.plugins:code-coverage-api
(Maven)
May 24, 2022
Improper handling of REST API XML deserialization errors in Jenkins
High
CVE-2021-21604
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API