GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
High
CVE-2022-43409
was published
for
org.jenkins-ci.plugins.workflow:workflow-support
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin
Moderate
CVE-2022-43423
was published
for
com.compuware.jenkins:compuware-scm-downloader
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin
Moderate
CVE-2022-43424
was published
for
com.compuware.jenkins:compuware-xpediter-code-coverage
(Maven)
Oct 19, 2022
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Low
CVE-2022-43411
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin
High
CVE-2022-43428
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin
High
CVE-2022-43407
was published
for
org.jenkins-ci.plugins:pipeline-input-step
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin
High
CVE-2022-43432
was published
for
org.jenkins-ci.plugins:xframium
(Maven)
Oct 19, 2022
Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin
High
CVE-2022-43425
was published
for
io.jenkins.plugins:custom-checkbox-parameter
(Maven)
Oct 19, 2022
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Low
CVE-2022-43412
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
Oct 19, 2022
Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-43406
was published
for
io.jenkins.plugins:pipeline-groovy-lib
(Maven)
Oct 19, 2022
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
High
CVE-2022-43401
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Oct 19, 2022
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
High
CVE-2022-43404
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Oct 19, 2022
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-43405
was published
for
io.jenkins.plugins:pipeline-groovy-lib
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin
High
CVE-2022-43435
was published
for
org.jenkins-ci.plugins.plugin:fireline
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin
Moderate
CVE-2022-43422
was published
for
com.compuware.jenkins:compuware-topaz-utilities
(Maven)
Oct 19, 2022
XXE vulnerability in Jenkins REPO Plugin
High
CVE-2022-43415
was published
for
org.jenkins-ci.plugins:repo
(Maven)
Oct 19, 2022
API keys stored in plain text by Jenkins Katalon Plugin
Moderate
CVE-2022-43419
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin
High
CVE-2022-43434
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Oct 19, 2022
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin
Moderate
CVE-2022-43410
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
Oct 19, 2022
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin
High
CVE-2022-43420
was published
for
org.jenkins-ci.plugins:contrast-continuous-application-security
(Maven)
Oct 19, 2022
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin
High
CVE-2022-43430
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
AWS secrets displayed without masking by Jenkins S3 Explorer Plugin
Low
CVE-2022-43426
was published
for
io.jenkins.plugins:s3explorer
(Maven)
Oct 19, 2022
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials
Moderate
CVE-2022-43417
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
CSRF vulnerability in Jenkins Katalon Plugin allows capturing credentials
Moderate
CVE-2022-43418
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted
Low
CVE-2022-41247
was published
for
org.jenkins-ci.plugins:bigpanda-jenkins
(Maven)
Sep 22, 2022
ProTip!
Advisories are also available from the
GraphQL API