GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
Moderate
CVE-2023-35925
was published
for
com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit
(Maven)
Jun 22, 2023
Stored XSS vulnerability in Jenkins Checkmarx Plugin
High
CVE-2022-46684
was published
for
com.checkmarx.jenkins:checkmarx
(Maven)
Dec 12, 2022
XML External Entity Reference in Jenkins Violations Plugin
Moderate
CVE-2022-45386
was published
for
org.jenkins-ci.plugins:violations
(Maven)
Nov 16, 2022
Jenkins BART Plugin vulnerable to cross-site scripting (XSS)
High
CVE-2022-45387
was published
for
org.jenkins-ci.plugins:bart
(Maven)
Nov 16, 2022
Jenkins Config Rotator Plugin vulnerable to path traversal
High
CVE-2022-45388
was published
for
org.jenkins-ci.main:config-rotator
(Maven)
Nov 16, 2022
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Moderate
CVE-2022-45384
was published
for
org.jenkins-ci.main:reverse-proxy-auth-plugin
(Maven)
Nov 16, 2022
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin
Moderate
CVE-2022-45385
was published
for
org.jenkins-ci.plugins:dockerhub-notification
(Maven)
Nov 16, 2022
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs
Moderate
CVE-2022-45390
was published
for
io.loader:loaderio-jenkins-plugin
(Maven)
Nov 16, 2022
Missing permission check in Jenkins Delete log Plugin
Moderate
CVE-2022-45394
was published
for
org.jenkins-ci.plugins:delete-log-plugin
(Maven)
Nov 16, 2022
Cross-Site Request Forgery in Jenkins Delete log Plugin
Moderate
CVE-2022-45393
was published
for
org.jenkins-ci.plugins:delete-log-plugin
(Maven)
Nov 16, 2022
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally
Moderate
CVE-2022-45391
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-45392
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin
Moderate
CVE-2022-45397
was published
for
org.jenkins-ci:update-center2
(Maven)
Nov 16, 2022
XXE vulnerability in Jenkins JAPEX Plugin
High
CVE-2022-45400
was published
for
org.jvnet.hudson.plugins:japex
(Maven)
Nov 16, 2022
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
High
CVE-2022-45401
was published
for
org.jenkins-ci.main:associated-files-plugin
(Maven)
Nov 16, 2022
Cross-Site Request Forgery in Jenkins Cluster Statistics Plugin
Moderate
CVE-2022-45398
was published
for
org.zeroturnaround:cluster-stats
(Maven)
Nov 16, 2022
XML External Entity Reference in Jenkins CCCC Plugin
Critical
CVE-2022-45395
was published
for
com.thalesgroup.jenkins-ci.plugins:cccc
(Maven)
Nov 16, 2022
XXE vulnerability on agents in Jenkins SourceMonitor Plugin
Moderate
CVE-2022-45396
was published
for
com.thalesgroup.hudson.plugins:sourcemonitor
(Maven)
Nov 16, 2022
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-38666
was published
for
org.jenkins-ci.main:cavisson-ns-nd-integration
(Maven)
Nov 16, 2022
Cross-site Scripting in Jenkins Naginator Plugin
Moderate
CVE-2022-45382
was published
for
org.jenkins-ci.plugins:naginator
(Maven)
Nov 16, 2022
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
High
CVE-2022-45380
was published
for
org.jenkins-ci.plugins:junit
(Maven)
Nov 16, 2022
Incorrect permission checks in Jenkins Support Core Plugin
Moderate
CVE-2022-45383
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Nov 16, 2022
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
High
CVE-2022-45379
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 16, 2022
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
High
CVE-2022-45381
was published
for
org.jenkins-ci.plugins:pipeline-utility-steps
(Maven)
Nov 16, 2022
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin
High
CVE-2022-43407
was published
for
org.jenkins-ci.plugins:pipeline-input-step
(Maven)
Oct 19, 2022
ProTip!
Advisories are also available from the
GraphQL API