GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
335 advisories
Filter by severity
Lack of authentication mechanism in Jenkins DotCi Plugin webhook
Moderate
CVE-2022-41238
was published
for
com.groupon.jenkins-ci.plugins:DotCi
(Maven)
Sep 22, 2022
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-41227
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Sep 22, 2022
Path traversal in Jenkins build-publisher Plugin
Moderate
CVE-2022-41231
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
Sep 22, 2022
Jenkins SmallTest Plugin missing hostname validation
Moderate
CVE-2022-41243
was published
for
com.smalltest:smalltest
(Maven)
Sep 22, 2022
Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference
Moderate
CVE-2022-41241
was published
for
net.praqma:rqm-plugin
(Maven)
Sep 22, 2022
CSRF vulnerability in Jenkins Security Inspector plugin
Moderate
CVE-2022-41236
was published
for
org.jenkins-ci.plugins:security-inspector
(Maven)
Sep 22, 2022
Jenkins Rundeck Plugin Missing Authorization vulnerability
Moderate
CVE-2022-41233
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
Sep 22, 2022
CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials
Moderate
CVE-2022-41245
was published
for
org.jenkins-ci.plugins:ws-execution-manager
(Maven)
Sep 22, 2022
Missing webhook endpoint authorization in Jenkins Rundeck Plugin
Moderate
CVE-2022-41234
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
Sep 22, 2022
Jenkins WildFly Deployer Plugin vulnerable to path traversal
Moderate
CVE-2022-41235
was published
for
org.jenkins-ci.plugins:wildfly-deployer
(Maven)
Sep 22, 2022
Missing permission check in Jenkins build-publisher Plugin
Moderate
CVE-2022-41230
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
Sep 22, 2022
Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials
Moderate
CVE-2022-41254
was published
for
org.jenkins-ci.plugins:cons3rt
(Maven)
Sep 22, 2022
CSRF vulnerability in Jenkins CONS3RT Plugin allow capturing credentials
Moderate
CVE-2022-41253
was published
for
org.jenkins-ci.plugins:cons3rt
(Maven)
Sep 22, 2022
Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs
Moderate
CVE-2022-41252
was published
for
org.jenkins-ci.plugins:cons3rt
(Maven)
Sep 22, 2022
Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials
Moderate
CVE-2022-41250
was published
for
com.meowlomo.jenkins:scm-httpclient
(Maven)
Sep 22, 2022
Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-41249
was published
for
com.meowlomo.jenkins:scm-httpclient
(Maven)
Sep 22, 2022
Cross-site Scripting in Jenkins Job Configuration History Plugin
Moderate
CVE-2022-38664
was published
for
org.jenkins-ci.plugins:jobConfigHistory
(Maven)
Aug 24, 2022
Improper masking of credentials Jenkins in Git Plugin
Moderate
CVE-2022-38663
was published
for
org.jenkins-ci.plugins:git
(Maven)
Aug 24, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36882
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36883
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests
Moderate
CVE-2022-36888
was published
for
com.datapipe.jenkins.plugins:hashicorp-vault-plugin
(Maven)
Jul 28, 2022
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification
Moderate
CVE-2022-36881
was published
for
org.jenkins-ci.plugins:git-client
(Maven)
Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36884
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
CSRF vulnerability in Jenkins Google Cloud Backup Plugin
Moderate
CVE-2022-36916
was published
for
org.jenkins-ci.plugins:google-cloud-backup
(Maven)
Jul 28, 2022
CSRF vulnerability in Jenkins openstack-heat Plugin
Moderate
CVE-2022-36911
was published
for
org.jenkins-ci.plugins:openstack-heat
(Maven)
Jul 28, 2022
ProTip!
Advisories are also available from the
GraphQL API