GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
335 advisories
Filter by severity
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials
Moderate
CVE-2021-21664
was published
for
com.xebialabs.deployit.ci:deployit-plugin
(Maven)
May 24, 2022
Missing permission check in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials
Moderate
CVE-2021-21663
was published
for
com.xebialabs.deployit.ci:deployit-plugin
(Maven)
May 24, 2022
XSS vulnerability in Jenkins Markdown Formatter Plugin
Moderate
CVE-2021-21660
was published
for
io.jenkins.plugins:markdown-formatter
(Maven)
May 24, 2022
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds
Moderate
CVE-2021-21647
was published
for
org.jenkins-ci.plugins:electricflow
(Maven)
May 24, 2022
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Moderate
CVE-2021-21643
was published
for
org.jenkins-ci.plugins:config-file-provider
(Maven)
May 24, 2022
Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs
Moderate
CVE-2021-21645
was published
for
org.jenkins-ci.plugins:config-file-provider
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files
Moderate
CVE-2021-21644
was published
for
org.jenkins-ci.plugins:config-file-provider
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
Moderate
CVE-2021-22512
was published
for
org.jenkins-ci.plugins:hp-application-automation-tools-plugin
(Maven)
May 24, 2022
SSL/TLS certificate validation unconditionally disabled by Jenkins Micro Focus Application Automation Tools Plugin
Moderate
CVE-2021-22511
was published
for
org.jenkins-ci.plugins:hp-application-automation-tools-plugin
(Maven)
May 24, 2022
Missing permission checks in Micro Focus Application Automation Tools Plugin
Moderate
CVE-2021-22513
was published
for
org.jenkins-ci.plugins:hp-application-automation-tools-plugin
(Maven)
May 24, 2022
Lack of type validation in agent related REST API in Jenkins
Moderate
CVE-2021-21639
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins promoted builds Plugin
Moderate
CVE-2021-21641
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
May 24, 2022
View name validation bypass in Jenkins
Moderate
CVE-2021-21640
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Passwords stored in plain text by Jenkins Jabber (XMPP) notifier and control Plugin
Moderate
CVE-2021-21634
was published
for
org.jvnet.hudson.plugins:jabber
(Maven)
May 24, 2022
Missing permission checks in Jenkins OWASP Dependency-Track Plugin allow capturing credentials
Moderate
CVE-2021-21632
was published
for
org.jenkins-ci.plugins:dependency-track
(Maven)
May 24, 2022
Missing permission check in Jenkins Team Foundation Server Plugin allows enumerating credentials IDs
Moderate
CVE-2021-21636
was published
for
org.jenkins-ci.plugins:tfs
(Maven)
May 24, 2022
Missing permission check in Jenkins Team Foundation Server Plugin allow capturing credentials
Moderate
CVE-2021-21637
was published
for
org.jenkins-ci.plugins:tfs
(Maven)
May 24, 2022
Missing permission check in Jenkins Cloud Statistics Plugin
Moderate
CVE-2021-21631
was published
for
org.jenkins-ci.plugins:cloud-stats
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins REST List Parameter Plugin
Moderate
CVE-2021-21635
was published
for
io.jenkins.plugins:rest-list-parameter
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Extra Columns Plugin
Moderate
CVE-2021-21630
was published
for
org.jenkins-ci.plugins:extra-columns
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Build With Parameters Plugin
Moderate
CVE-2021-21628
was published
for
org.jenkins-ci.plugins:build-with-parameters
(Maven)
May 24, 2022
Missing permission checks in Jenkins CloudBees AWS Credentials Plugin allows enumerating credentials IDs
Moderate
CVE-2021-21625
was published
for
org.jenkins-ci.plugins:aws-credentials
(Maven)
May 24, 2022
Missing permission checks in Jenkins Warnings Next Generation Plugin allow listing workspace contents
Moderate
CVE-2021-21626
was published
for
io.jenkins.plugins:warnings-ng
(Maven)
May 24, 2022
Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items
Moderate
CVE-2021-21624
was published
for
org.jenkins-ci.plugins:role-strategy
(Maven)
May 24, 2022
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items
Moderate
CVE-2021-21623
was published
for
org.jenkins-ci.plugins:matrix-auth
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API