Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,449
Erlang
29
GitHub Actions
16
Go
1,669
Maven
4,929
npm
3,464
NuGet
595
pip
2,880
Pub
10
RubyGems
824
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin Low
CVE-2022-43412 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin High
CVE-2022-43432 was published for org.jenkins-ci.plugins:xframium (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin High
CVE-2022-43433 was published for io.jenkins.plugins:screenrecorder (Maven) Oct 19, 2022
NotMyFault
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin High
CVE-2022-43407 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin Moderate
CVE-2022-43423 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43428 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Non-constant time webhook token comparison in Jenkins GitLab Plugin Low
CVE-2022-43411 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Oct 19, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin High
CVE-2022-43409 was published for org.jenkins-ci.plugins.workflow:workflow-support (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin Moderate
CVE-2022-43424 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin High
CVE-2022-43404 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-43405 was published for io.jenkins.plugins:pipeline-groovy-lib (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-43406 was published for io.jenkins.plugins:pipeline-groovy-lib (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin High
CVE-2022-43401 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Oct 19, 2022
NotMyFault
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials Moderate
CVE-2022-43417 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault
AWS secrets displayed without masking by Jenkins S3 Explorer Plugin Low
CVE-2022-43426 was published for io.jenkins.plugins:s3explorer (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin High
CVE-2022-43435 was published for org.jenkins-ci.plugins.plugin:fireline (Maven) Oct 19, 2022
NotMyFault
XXE vulnerability in Jenkins REPO Plugin High
CVE-2022-43415 was published for org.jenkins-ci.plugins:repo (Maven) Oct 19, 2022
NotMyFault
CSRF vulnerability in Jenkins Katalon Plugin allows capturing credentials Moderate
CVE-2022-43418 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin High
CVE-2022-43420 was published for org.jenkins-ci.plugins:contrast-continuous-application-security (Maven) Oct 19, 2022
NotMyFault
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin Moderate
CVE-2022-43410 was published for org.jenkins-ci.plugins:mercurial (Maven) Oct 19, 2022
NotMyFault
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43430 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin High
CVE-2022-43434 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Oct 19, 2022
NotMyFault
API keys stored in plain text by Jenkins Katalon Plugin Moderate
CVE-2022-43419 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault tdunlap607
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin Moderate
CVE-2022-43422 was published for com.compuware.jenkins:compuware-topaz-utilities (Maven) Oct 19, 2022
NotMyFault
Missing hostname validation in Jenkins View26 Test-Reporting Plugin Moderate
CVE-2022-41244 was published for org.jenkins-ci.plugins:view26 (Maven) Sep 22, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API