Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

60 advisories

Loading
Jenkins REST APIs vulnerable to clickjacking Low
CVE-2020-2105 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Amazon EC2 Plugin Low
CVE-2020-2090 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
Path traversal in Jenkins REPO Plugin Low
CVE-2022-30949 was published for org.jenkins-ci.plugins:git (Maven) May 18, 2022
NotMyFault
Path traversal in Jenkins Mercurial Plugin Low
CVE-2022-30948 was published for org.jenkins-ci.plugins:mercurial (Maven) May 18, 2022
NotMyFault
Sensitive parameter values captured in build metadata files by Jenkins Parameterized Trigger Plugin Low
CVE-2022-27195 was published for org.jenkins-ci.plugins:parameterized-trigger (Maven) Mar 16, 2022
NotMyFault
Client Secret stored in plain text by Jenkins GitLab Authentication Plugin Low
CVE-2022-27206 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) Mar 16, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin Low
CVE-2022-25186 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Feb 16, 2022
NotMyFault
Improper Synchronization in Jenkins Convertigo Mobile Platform Plugin Low
CVE-2022-25210 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) Feb 16, 2022
NotMyFault
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin Low
CVE-2022-23106 was published for io.jenkins:configuration-as-code (Maven) Jan 21, 2022
NotMyFault westonsteimel
Password stored in plain text by Jenkins Publish Over SSH Plugin Low
CVE-2022-23114 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault MarkLee131
ProTip! Advisories are also available from the GraphQL API