Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,727
Erlang
29
GitHub Actions
16
Go
1,709
Maven
4,946
npm
3,474
NuGet
605
pip
2,999
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

335 advisories

Password parameter default values exposed by Jenkins Pipeline: Build Step Plugin Moderate
CVE-2022-25184 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) Feb 16, 2022
NotMyFault
Path traversal vulnerability in Jenkins Fortify Plugin Moderate
CVE-2022-25188 was published for org.jenkins-ci.plugins:fortify (Maven) Feb 16, 2022
NotMyFault
Missing permission check in Jenkins Conjur Secrets Plugin allows enumerating credentials IDs Moderate
CVE-2022-25190 was published for org.conjur.jenkins:conjur-credentials (Maven) Feb 16, 2022
NotMyFault
Jenkins Snow Commander Plugin 2.0 vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-25192 was published for io.jenkins.plugins:embotics-vcommander (Maven) Feb 16, 2022
NotMyFault
Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization Moderate
CVE-2022-25193 was published for io.jenkins.plugins:embotics-vcommander (Maven) Feb 16, 2022
NotMyFault
Open redirect vulnerability in Jenkins GitLab Authentication Plugin Moderate
CVE-2022-25196 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) Feb 16, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins HashiCorp Vault Plugin allows reading arbitrary files Moderate
CVE-2022-25197 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Feb 16, 2022
NotMyFault
CSRF vulnerability in Jenkins Checkmarx Plugin allow capturing credentials Moderate
CVE-2022-25200 was published for com.checkmarx.jenkins:checkmarx (Maven) Feb 16, 2022
NotMyFault
Missing permission checks in Jenkins Checkmarx Plugin allow capturing credentials Moderate
CVE-2022-25201 was published for com.checkmarx.jenkins:checkmarx (Maven) Feb 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds (Simple) Plugin Moderate
CVE-2022-25202 was published for org.jenkins-ci.plugins:promoted-builds-simple (Maven) Feb 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Team Views Plugin Moderate
CVE-2022-25203 was published for com.sonymobile.jenkins.plugins.teamviews:team-views (Maven) Feb 16, 2022
NotMyFault
Protection Mechanism Failure in Jenkins Doktor Plugin Moderate
CVE-2022-25204 was published for by.dev.madhead.doktor:doktor (Maven) Feb 16, 2022
NotMyFault
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25211 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
NotMyFault
CSRF vulnerability in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25212 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
NotMyFault
Request logging bypass in Jenkins Audit Trail Plugin Moderate
CVE-2020-2287 was published for org.jenkins-ci.plugins:audit-trail (Maven) Feb 10, 2022
NotMyFault
DoS vulnerability in bundled XStream library in Jenkins Core Moderate
CVE-2022-0538 was published for org.jenkins-ci.main:jenkins-core (Maven) Feb 10, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Mailer Plugin Moderate
CVE-2022-20613 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
NotMyFault westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin Moderate
CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials (Maven) Jan 13, 2022
NotMyFault westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin Moderate
CVE-2022-20618 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
User passwords transmitted in plain text by Jenkins Active Directory Plugin Moderate
CVE-2022-23105 was published for org.jenkins-ci.plugins:active-directory (Maven) Jan 13, 2022
NotMyFault
Improper credentials masking in Jenkins HashiCorp Vault Plugin Moderate
CVE-2022-23109 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jan 13, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23110 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault
CSRF vulnerability in Jenkins batch task Plugin Moderate
CVE-2022-23115 was published for org.jenkins-ci.plugins:batch-task (Maven) Jan 13, 2022
NotMyFault
Path traversal vulnerability in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23113 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault
CSRF vulnerability and missing permission checks in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23111 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API