GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
210 advisories
Filter by severity
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin
High
CVE-2022-28136
was published
for
org.jenkins-ci.plugins:JiraTestResultReporter
(Maven)
Mar 30, 2022
Cross-site Scripting vulnerability in Jenkins
High
CVE-2022-34170
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Cross-Site Request Forgery in Jenkins
High
CVE-2020-2160
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin
High
CVE-2022-43420
was published
for
org.jenkins-ci.plugins:contrast-continuous-application-security
(Maven)
Oct 19, 2022
Cross-site Scripting in Jenkins Deployment Dashboard Plugin
High
CVE-2022-34795
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
High
CVE-2022-45380
was published
for
org.jenkins-ci.plugins:junit
(Maven)
Nov 16, 2022
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin
High
CVE-2022-43428
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin
High
CVE-2022-43407
was published
for
org.jenkins-ci.plugins:pipeline-input-step
(Maven)
Oct 19, 2022
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin
High
CVE-2022-43430
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin
High
CVE-2022-43434
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Oct 19, 2022
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference
High
CVE-2022-41226
was published
for
com.compuware.jenkins:compuware-common-configuration
(Maven)
Sep 22, 2022
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component
High
CVE-2022-41224
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 22, 2022
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
High
CVE-2022-45379
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 16, 2022
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin
High
CVE-2022-36894
was published
for
org.jenkins-ci.plugins:clif-performance-testing
(Maven)
Jul 28, 2022
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
High
CVE-2022-43409
was published
for
org.jenkins-ci.plugins.workflow:workflow-support
(Maven)
Oct 19, 2022
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
High
CVE-2022-45381
was published
for
org.jenkins-ci.plugins:pipeline-utility-steps
(Maven)
Nov 16, 2022
XXE vulnerability in Jenkins REPO Plugin
High
CVE-2022-43415
was published
for
org.jenkins-ci.plugins:repo
(Maven)
Oct 19, 2022
Cross-site Scripting in Jenkins Plot Plugin
High
CVE-2022-34783
was published
for
org.jenkins-ci.plugins:plot
(Maven)
Jul 1, 2022
Unauthorized view fragment access in Jenkins
High
CVE-2022-34175
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin
High
CVE-2022-20619
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
XXE vulnerability in Jenkins OWASP Dependency-Check Plugin
High
CVE-2021-43577
was published
for
org.jenkins-ci.plugins:dependency-check-jenkins-plugin
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Robot Framework Plugin
High
CVE-2020-2092
was published
for
org.jenkins-ci.plugins:robot
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Code Coverage API Plugin
High
CVE-2020-2172
was published
for
io.jenkins.plugins:code-coverage-api
(Maven)
May 24, 2022
RCE vulnerability in Jenkins Yaml Axis Plugin
High
CVE-2020-2179
was published
for
org.jenkins-ci.plugins:yaml-axis
(Maven)
May 24, 2022
Jenkins Cross-Site Scripting vulnerability in help icons
High
CVE-2020-2229
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API