GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
Stored Cross-site Scripting in Jenkins Node and Label parameter Plugin
Moderate
CVE-2022-29044
was published
for
org.jenkins-ci.plugins:nodelabelparameter
(Maven)
Apr 13, 2022
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin
High
CVE-2022-29045
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
Apr 13, 2022
CSRF vulnerability in Jenkins Subversion Plugin
Moderate
CVE-2022-29048
was published
for
org.jenkins-ci.plugins:subversion
(Maven)
Apr 13, 2022
Private key stored in plain text by Jenkins Google Compute Engine Plugin
Moderate
CVE-2022-29052
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
Apr 13, 2022
SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin
Moderate
CVE-2022-28142
was published
for
org.jenkins-ci.plugins:proxmox
(Maven)
Mar 30, 2022
XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin
High
CVE-2022-28155
was published
for
com.surenpi.jenkins:phoenix-autotest
(Maven)
Mar 30, 2022
Arbitrary file read vulnerability in Jenkins Continuous Integration with Toad Edge Plugin
Moderate
CVE-2022-28146
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
Stored XSS vulnerability in Jenkins Bitbucket Server Integration Plugin
Moderate
CVE-2022-28133
was published
for
io.jenkins.plugins:atlassian-bitbucket-server-integration
(Maven)
Mar 30, 2022
Missing permission check in Jenkins JiraTestResultReporter Plugin
Moderate
CVE-2022-28137
was published
for
org.jenkins-ci.plugins:JiraTestResultReporter
(Maven)
Mar 30, 2022
Missing permission checks in Jekins Bitbucket Server Integration Plugin
Moderate
CVE-2022-28134
was published
for
io.jenkins.plugins:atlassian-bitbucket-server-integration
(Maven)
Mar 30, 2022
Plaintext storage in Jenkins instant-messaging Plugin
Moderate
CVE-2022-28135
was published
for
org.jvnet.hudson.plugins:instant-messaging
(Maven)
Mar 30, 2022
Missing permission check in Jenkins RocketChat Notifier Plugin
Moderate
CVE-2022-28139
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Mar 30, 2022
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin
High
CVE-2022-28136
was published
for
org.jenkins-ci.plugins:JiraTestResultReporter
(Maven)
Mar 30, 2022
CSRF vulnerability in Jenkins RocketChat Notifier Plugin
Moderate
CVE-2022-28138
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Mar 30, 2022
Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin
High
CVE-2022-28145
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
Missing permission check in Jenkins Job and Node ownership Plugin
Moderate
CVE-2022-28151
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin
Moderate
CVE-2022-28147
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin
High
CVE-2022-28149
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin
Moderate
CVE-2022-28148
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
Cross site request forgery in Jenkins Job and Node ownership Plugin
High
CVE-2022-28150
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
CSRF vulnerability in Jenkins Job and Node ownership Plugin
Moderate
CVE-2022-28152
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin
Moderate
CVE-2022-28159
was published
for
org.jenkins-ci.plugins:selected-tests-executor
(Maven)
Mar 30, 2022
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin
Moderate
CVE-2022-28160
was published
for
org.jenkins-ci.plugins:selected-tests-executor
(Maven)
Mar 30, 2022
Cross-Site Request Forgery in Jenkins P4 Plugin
High
CVE-2021-21655
was published
for
org.jenkins-ci.plugins:p4
(Maven)
Mar 18, 2022
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin
Low
CVE-2022-27195
was published
for
org.jenkins-ci.plugins:parameterized-trigger
(Maven)
Mar 16, 2022
ProTip!
Advisories are also available from the
GraphQL API