Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Loading
Stored XSS vulnerability in Jenkins Extra Columns Plugin Moderate
CVE-2021-21630 was published for org.jenkins-ci.plugins:extra-columns (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Artifact Repository Parameter Plugin Moderate
CVE-2021-21622 was published for io.jenkins.plugins:artifact-repository-parameter (Maven) May 24, 2022
NotMyFault
Support bundles can include user session IDs in Jenkins Support Core Plugin Low
CVE-2021-21621 was published for org.jenkins-ci.plugins:support-core (Maven) May 24, 2022
NotMyFault
Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin Moderate
CVE-2022-30952 was published for io.jenkins.blueocean:blueocean-pipeline-scm-api (Maven) May 18, 2022
NotMyFault
Path traversal in Jenkins REPO Plugin Low
CVE-2022-30949 was published for org.jenkins-ci.plugins:git (Maven) May 18, 2022
NotMyFault
Arbitrary file read vulnerability in workspace browsers in Jenkins Moderate
CVE-2021-21602 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
XSS vulnerability in Jenkins notification bar Moderate
CVE-2021-21603 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Visualworks Store Plugin Moderate
CVE-2020-2315 was published for org.jenkins-ci.plugins:visualworks-store (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration Moderate
CVE-2020-2311 was published for io.jenkins.plugins:aws-global-configuration (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs Moderate
CVE-2020-2310 was published for org.jenkins-ci.plugins:ansible (Maven) May 24, 2022
NotMyFault
Improper handling of REST API XML deserialization errors in Jenkins High
CVE-2021-21604 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Mercurial Plugin Moderate
CVE-2020-2305 was published for org.jenkins-ci.plugins:mercurial (Maven) May 24, 2022
NotMyFault westonsteimel
Missing permission check in Jenkins Active Directory Plugin allows accessing domain health check page Moderate
CVE-2020-2302 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
NotMyFault
Authentication cache in Active Directory Jenkins Plugin allows logging in with any password Critical
CVE-2020-2301 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel NotMyFault
Missing permission check in Jenkins Liquibase Runner Plugin allows enumerating credentials IDs Moderate
CVE-2020-2285 was published for org.jenkins-ci.plugins:liquibase-runner (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Jenkins Script Security Plugin Critical
CVE-2020-2279 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault westonsteimel
CSRF vulnerability in Jenkins Lockable Resources Plugin Moderate
CVE-2020-2281 was published for org.6wind.jenkins:lockable-resources (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins button labels Moderate
CVE-2021-21608 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Arbitrary file existence check in file fingerprints in Jenkins Moderate
CVE-2021-21606 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Missing permission check for paths with specific prefix in Jenkins Moderate
CVE-2021-21609 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Excessive memory allocation in graph URLs leads to denial of service in Jenkins Moderate
CVE-2021-21607 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins on new item page Moderate
CVE-2021-21611 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Reflected XSS vulnerability in Jenkins markup formatter preview Moderate
CVE-2021-21610 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
XSS vulnerability in Jenkins TICS Plugin Moderate
CVE-2021-21613 was published for io.jenkins.plugins:tics (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins Bumblebee HP ALM Plugin Moderate
CVE-2021-21614 was published for org.jenkins-ci.plugins:bumblebee (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database