GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
210 advisories
Filter by severity
Stored XSS vulnerability in Jenkins Checkmarx Plugin
High
CVE-2022-46684
was published
for
com.checkmarx.jenkins:checkmarx
(Maven)
Dec 12, 2022
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
High
CVE-2022-45401
was published
for
org.jenkins-ci.main:associated-files-plugin
(Maven)
Nov 16, 2022
XXE vulnerability in Jenkins JAPEX Plugin
High
CVE-2022-45400
was published
for
org.jvnet.hudson.plugins:japex
(Maven)
Nov 16, 2022
Jenkins Config Rotator Plugin vulnerable to path traversal
High
CVE-2022-45388
was published
for
org.jenkins-ci.main:config-rotator
(Maven)
Nov 16, 2022
Jenkins BART Plugin vulnerable to cross-site scripting (XSS)
High
CVE-2022-45387
was published
for
org.jenkins-ci.plugins:bart
(Maven)
Nov 16, 2022
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
High
CVE-2022-45380
was published
for
org.jenkins-ci.plugins:junit
(Maven)
Nov 16, 2022
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
High
CVE-2022-45381
was published
for
org.jenkins-ci.plugins:pipeline-utility-steps
(Maven)
Nov 16, 2022
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
High
CVE-2022-45379
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 16, 2022
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin
High
CVE-2022-43407
was published
for
org.jenkins-ci.plugins:pipeline-input-step
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin
High
CVE-2022-43428
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin
High
CVE-2022-43433
was published
for
io.jenkins.plugins:screenrecorder
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin
High
CVE-2022-43432
was published
for
org.jenkins-ci.plugins:xframium
(Maven)
Oct 19, 2022
Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin
High
CVE-2022-43425
was published
for
io.jenkins.plugins:custom-checkbox-parameter
(Maven)
Oct 19, 2022
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
High
CVE-2022-43409
was published
for
org.jenkins-ci.plugins.workflow:workflow-support
(Maven)
Oct 19, 2022
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-43405
was published
for
io.jenkins.plugins:pipeline-groovy-lib
(Maven)
Oct 19, 2022
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
High
CVE-2022-43404
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Oct 19, 2022
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin
High
CVE-2022-43401
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Oct 19, 2022
Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin
High
CVE-2022-43406
was published
for
io.jenkins.plugins:pipeline-groovy-lib
(Maven)
Oct 19, 2022
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin
High
CVE-2022-43420
was published
for
org.jenkins-ci.plugins:contrast-continuous-application-security
(Maven)
Oct 19, 2022
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin
High
CVE-2022-43430
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin
High
CVE-2022-43434
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin
High
CVE-2022-43435
was published
for
org.jenkins-ci.plugins.plugin:fireline
(Maven)
Oct 19, 2022
XXE vulnerability in Jenkins REPO Plugin
High
CVE-2022-43415
was published
for
org.jenkins-ci.plugins:repo
(Maven)
Oct 19, 2022
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
High
CVE-2022-41224
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 22, 2022
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference
High
CVE-2022-41226
was published
for
com.compuware.jenkins:compuware-common-configuration
(Maven)
Sep 22, 2022
ProTip!
Advisories are also available from the
GraphQL API