GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
Missing hostname validation in Jenkins View26 Test-Reporting Plugin
Moderate
CVE-2022-41244
was published
for
org.jenkins-ci.plugins:view26
(Maven)
Sep 22, 2022
Jenkins WildFly Deployer Plugin vulnerable to path traversal
Moderate
CVE-2022-41235
was published
for
org.jenkins-ci.plugins:wildfly-deployer
(Maven)
Sep 22, 2022
Missing webhook endpoint authorization in Jenkins Rundeck Plugin
Moderate
CVE-2022-41234
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
Sep 22, 2022
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
High
CVE-2022-41224
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 22, 2022
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference
High
CVE-2022-41226
was published
for
com.compuware.jenkins:compuware-common-configuration
(Maven)
Sep 22, 2022
Missing permission check in Jenkins build-publisher Plugin
Moderate
CVE-2022-41230
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
Sep 22, 2022
CSRF vulnerability and mM
Moderate
CVE-2022-41246
was published
for
org.jenkins-ci.plugins:ws-execution-manager
(Maven)
Sep 22, 2022
Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2022-41241
was published
for
net.praqma:rqm-plugin
(Maven)
Sep 22, 2022
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site Scripting
High
CVE-2022-41229
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Sep 22, 2022
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-41227
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Sep 22, 2022
Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting
High
CVE-2022-41225
was published
for
org.jenkins-ci.plugins:anchore-container-scanner
(Maven)
Sep 22, 2022
Stored XSS vulnerability in Jenkins Walti plugin
High
CVE-2022-41240
was published
for
org.jenkins-ci.plugins:walti
(Maven)
Sep 22, 2022
CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials
Moderate
CVE-2022-41245
was published
for
org.jenkins-ci.plugins:ws-execution-manager
(Maven)
Sep 22, 2022
Jenkins SmallTest Plugin missing hostname validation
Moderate
CVE-2022-41243
was published
for
com.smalltest:smalltest
(Maven)
Sep 22, 2022
Path traversal in Jenkins build-publisher Plugin
Moderate
CVE-2022-41231
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
Sep 22, 2022
Jenkins build-publisher plugin vulnerable to cross-site request forgery
High
CVE-2022-41232
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
Sep 22, 2022
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization
Moderate
CVE-2022-41228
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Sep 22, 2022
Lack of authentication mechanism in Jenkins DotCi Plugin webhook
Moderate
CVE-2022-41238
was published
for
com.groupon.jenkins-ci.plugins:DotCi
(Maven)
Sep 22, 2022
Stored XSS vulnerability in Jenkins DotCi Plugin
High
CVE-2022-41239
was published
for
com.groupon.jenkins-ci.plugins:DotCi
(Maven)
Sep 22, 2022
Jenkins Rundeck Plugin Missing Authorization vulnerability
Moderate
CVE-2022-41233
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
Sep 22, 2022
CSRF vulnerability in Jenkins Security Inspector plugin
Moderate
CVE-2022-41236
was published
for
org.jenkins-ci.plugins:security-inspector
(Maven)
Sep 22, 2022
RCE vulnerability in Jenkins DotCi Plugin
High
CVE-2022-41237
was published
for
com.groupon.jenkins-ci.plugins:DotCi
(Maven)
Sep 22, 2022
Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials
Moderate
CVE-2022-41250
was published
for
com.meowlomo.jenkins:scm-httpclient
(Maven)
Sep 22, 2022
Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-41249
was published
for
com.meowlomo.jenkins:scm-httpclient
(Maven)
Sep 22, 2022
Jenkins BigPanda Notifier Plugin Missing Password Field Masking
Low
CVE-2022-41248
was published
for
org.jenkins-ci.plugins:bigpanda-jenkins
(Maven)
Sep 22, 2022
ProTip!
Advisories are also available from the
GraphQL API