Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Loading
Stored XSS vulnerability in Jenkins Generic Webhook Trigger Plugin Moderate
CVE-2022-25185 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) Feb 16, 2022
NotMyFault
Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin Moderate
CVE-2022-25184 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) Feb 16, 2022
NotMyFault
Personal tokens stored in plain text by Jenkins incapptic connect uploader Plugin Moderate
CVE-2022-27218 was published for com.incapptic.plugins:incapptic-connect-uploader (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials High
CVE-2022-27211 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
Arbitrary file read vulnerability in Jenkins kubernetes-cd Plugin Moderate
CVE-2022-27208 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
Missing permission checks in Jenkins Release Helper Plugin Moderate
CVE-2022-27215 was published for org.jenkins-ci.plugins:release-helper (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin High
CVE-2022-27213 was published for io.jenkins.plugins:environment-dashboard (Maven) Mar 16, 2022
NotMyFault
Passwords stored in plain text by Jenkins dbCharts Plugin Moderate
CVE-2022-27216 was published for org.jenkins-ci.plugins:dbCharts (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins List Git Branches Parameter Plugin Moderate
CVE-2022-27212 was published for org.jenkins-ci.plugins:list-git-branches-parameter (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins global-build-stats Plugin Moderate
CVE-2022-27207 was published for org.jenkins-ci.plugins:global-build-stats (Maven) Mar 16, 2022
NotMyFault
Passwords stored in plain text by Jenkins Vmware vRealize CodeStream Plugin Moderate
CVE-2022-27217 was published for com.vmware.vcac:vmware-vrealize-codestream (Maven) Mar 16, 2022
NotMyFault
Missing permission checks in Jenkins kubernetes-cd Plugin allow enumerating credentials IDs Moderate
CVE-2022-27209 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials High
CVE-2022-27210 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin Low
CVE-2022-27206 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability in Jenkins Release Helper Plugin Moderate
CVE-2022-27214 was published for org.jenkins-ci.plugins:release-helper (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF Moderate
CVE-2022-27205 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin High
CVE-2022-27198 was published for org.jenkins-ci.plugins:aws-credentials (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Folder-based Authorization Strategy Plugin Moderate
CVE-2022-27200 was published for io.jenkins.plugins:folder-auth (Maven) Mar 16, 2022
NotMyFault
Arbitrary JSON and property file read vulnerability in Jenkins Extended Choice Parameter Plugin Moderate
CVE-2022-27203 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin High
CVE-2022-27202 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability and missing permission checks in Jenkins Extended Choice Parameter Plugin allow SSRF Moderate
CVE-2022-27204 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Dashboard View Plugin Moderate
CVE-2022-27197 was published for org.jenkins-ci.plugins:dashboard-view (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Favorite Plugin Moderate
CVE-2022-27196 was published for org.jvnet.hudson.plugins:favorite (Maven) Mar 16, 2022
NotMyFault
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin Low
CVE-2022-27195 was published for org.jenkins-ci.plugins:parameterized-trigger (Maven) Mar 16, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin High
CVE-2022-27201 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Mar 16, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database