GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin
High
CVE-2022-30970
was published
for
org.jenkins-ci.plugins:autocomplete-parameter
(Maven)
May 18, 2022
Path traversal in Jenkins Mercurial Plugin
Low
CVE-2022-30948
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 18, 2022
Cross-site Scripting in Jenkins Application Detector Plugin
High
CVE-2022-30960
was published
for
org.jenkins-ci.plugins:app-detector
(Maven)
May 18, 2022
Cross-site Scripting in Jenkins JDK Parameter Plugin
High
CVE-2022-30963
was published
for
org.jenkins-ci.plugins:JDK_Parameter_Plugin
(Maven)
May 18, 2022
Cross-site Scripting in Jenkins vboxwrapper Plugin
High
CVE-2022-30968
was published
for
org.jenkins-ci.plugins:vboxwrapper
(Maven)
May 18, 2022
Cross-site Scripting in Jenkins Global Variable String Parameter Plugin
High
CVE-2022-30962
was published
for
org.jenkins-ci.plugins:global-variable-string-parameter
(Maven)
May 18, 2022
Missing Authorization in Jenkins WMI Windows Agents plugin
Moderate
CVE-2022-30951
was published
for
org.jenkins-ci.plugins:windows-slaves
(Maven)
May 18, 2022
Cross site scripting in Jenkins Selection tasks Plugin
High
CVE-2022-30967
was published
for
org.jvnet.hudson.plugins:selection-tasks-plugin
(Maven)
May 18, 2022
Cross Site Request Forgery in Jenkins Storable Configs Plugin
High
CVE-2022-30972
was published
for
org.jvnet.hudson.plugins:storable-configs-plugin
(Maven)
May 18, 2022
Missing Authorization in Jenkins SSH plugin
High
CVE-2022-30959
was published
for
org.jenkins-ci.plugins:ssh
(Maven)
May 18, 2022
Cross-site Scripting in Jenkins Rundeck Plugin
High
CVE-2022-30956
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
May 18, 2022
CSRF vulnerability in Jenkins Script Security Plugin
Moderate
CVE-2022-30946
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 18, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
High
CVE-2022-30945
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 18, 2022
Buffer overflow in Jenkins WMI Windows Agents plugin
Moderate
CVE-2022-30950
was published
for
org.jenkins-ci.plugins:windows-slaves
(Maven)
May 18, 2022
Fortify Plugin stored credentials in plain text
Moderate
CVE-2020-2107
was published
for
org.jenkins-ci.plugins:fortify
(Maven)
May 24, 2022
XXE vulnerability in Jenkins WebSphere Deployer Plugin
High
CVE-2020-2108
was published
for
org.jenkins-ci.plugins:websphere-deployer
(Maven)
May 24, 2022
Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin
High
CVE-2022-29039
was published
for
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
(Maven)
Apr 13, 2022
Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization
Moderate
CVE-2022-25193
was published
for
io.jenkins.plugins:embotics-vcommander
(Maven)
Feb 16, 2022
Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-29047
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Apr 13, 2022
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-25192
was published
for
io.jenkins.plugins:embotics-vcommander
(Maven)
Feb 16, 2022
Private key stored in plain text by Jenkins Google Compute Engine Plugin
Moderate
CVE-2022-29052
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
Apr 13, 2022
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin
High
CVE-2022-29045
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
Apr 13, 2022
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25212
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25211
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
ProTip!
Advisories are also available from the
GraphQL API