Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Loading
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL High
CVE-2022-29049 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault westonsteimel
Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin High
CVE-2022-25191 was published for io.jenkins.plugins:agent-server-parameter (Maven) Feb 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin High
CVE-2022-25189 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven) Feb 16, 2022
NotMyFault
Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra High
CVE-2022-25209 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) Feb 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin High
CVE-2022-28149 was published for com.synopsys.jenkinsci:ownership (Maven) Mar 30, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin High
CVE-2022-27201 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Mar 16, 2022
NotMyFault
XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin High
CVE-2022-28155 was published for com.surenpi.jenkins:phoenix-autotest (Maven) Mar 30, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin High
CVE-2022-27202 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials High
CVE-2022-27210 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin High
CVE-2022-27213 was published for io.jenkins.plugins:environment-dashboard (Maven) Mar 16, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin High
CVE-2022-36902 was published for com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter (Maven) Jul 28, 2022
NotMyFault
Cross-site Scripting in Jenkins eXtreme Feedback Panel Plugin High
CVE-2022-34790 was published for org.jenkins-ci.plugins:xfpanel (Maven) Jul 1, 2022
NotMyFault
Cross site scripting in Jenkins build-metrics Plugin High
CVE-2022-34784 was published for org.jenkins-ci.plugins:build-metrics (Maven) Jul 1, 2022
NotMyFault
Jenkins Matrix Reloaded Plugin vulnerable to Stored XSS High
CVE-2022-34788 was published for net.praqma:matrix-reloaded (Maven) Jul 1, 2022
NotMyFault
Cross-site Scripting in Jenkins TestNG Results Plugin High
CVE-2022-34778 was published for org.jenkins-ci.plugins:testng-plugin (Maven) Jul 1, 2022
NotMyFault
Jenkins Project Inheritance Plugin vulnerable to cross site scripting High
CVE-2022-34787 was published for hudson.plugins:project-inheritance (Maven) Jul 1, 2022
NotMyFault
Cross-site Scripting in Jenkins GitLab Plugin High
CVE-2022-34777 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jul 1, 2022
NotMyFault
Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin High
CVE-2022-43435 was published for org.jenkins-ci.plugins.plugin:fireline (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin High
CVE-2022-43433 was published for io.jenkins.plugins:screenrecorder (Maven) Oct 19, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Checkmarx Plugin High
CVE-2022-46684 was published for com.checkmarx.jenkins:checkmarx (Maven) Dec 12, 2022
NotMyFault
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-43405 was published for io.jenkins.plugins:pipeline-groovy-lib (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin High
CVE-2022-43432 was published for org.jenkins-ci.plugins:xframium (Maven) Oct 19, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin High
CVE-2022-43425 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin High
CVE-2022-43404 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-43406 was published for io.jenkins.plugins:pipeline-groovy-lib (Maven) Oct 19, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database