GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,725
Erlang
29
GitHub Actions
16
Go
1,709
Maven
4,946
npm
3,474
NuGet
605
pip
2,999
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
Stored Cross-site Scripting in Jenkins Node and Label parameter Plugin
Moderate
CVE-2022-29044
was published
for
org.jenkins-ci.plugins:nodelabelparameter
(Maven)
Apr 13, 2022
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin
High
CVE-2022-29045
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
Apr 13, 2022
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
High
CVE-2022-29049
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
Apr 13, 2022
Private key stored in plain text by Jenkins Google Compute Engine Plugin
Moderate
CVE-2022-29052
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
Apr 13, 2022
SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin
Moderate
CVE-2022-28142
was published
for
org.jenkins-ci.plugins:proxmox
(Maven)
Mar 30, 2022
Stored XSS vulnerability in Jenkins Bitbucket Server Integration Plugin
Moderate
CVE-2022-28133
was published
for
io.jenkins.plugins:atlassian-bitbucket-server-integration
(Maven)
Mar 30, 2022
Arbitrary file read vulnerability in Jenkins Continuous Integration with Toad Edge Plugin
Moderate
CVE-2022-28146
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin
High
CVE-2022-28155
was published
for
com.surenpi.jenkins:phoenix-autotest
(Maven)
Mar 30, 2022
CSRF vulnerability in Jenkins RocketChat Notifier Plugin
Moderate
CVE-2022-28138
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Mar 30, 2022
Missing permission check in Jenkins RocketChat Notifier Plugin
Moderate
CVE-2022-28139
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Mar 30, 2022
Plaintext storage in Jenkins instant-messaging Plugin
Moderate
CVE-2022-28135
was published
for
org.jvnet.hudson.plugins:instant-messaging
(Maven)
Mar 30, 2022
Missing permission check in Jenkins JiraTestResultReporter Plugin
Moderate
CVE-2022-28137
was published
for
org.jenkins-ci.plugins:JiraTestResultReporter
(Maven)
Mar 30, 2022
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin
High
CVE-2022-28136
was published
for
org.jenkins-ci.plugins:JiraTestResultReporter
(Maven)
Mar 30, 2022
Missing permission checks in Jekins Bitbucket Server Integration Plugin
Moderate
CVE-2022-28134
was published
for
io.jenkins.plugins:atlassian-bitbucket-server-integration
(Maven)
Mar 30, 2022
Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin
High
CVE-2022-28145
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
Cross site request forgery in Jenkins Job and Node ownership Plugin
High
CVE-2022-28150
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Missing permission check in Jenkins Job and Node ownership Plugin
Moderate
CVE-2022-28151
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin
Moderate
CVE-2022-28148
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
CSRF vulnerability in Jenkins Job and Node ownership Plugin
Moderate
CVE-2022-28152
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin
High
CVE-2022-28149
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin
Moderate
CVE-2022-28147
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin
Moderate
CVE-2022-28160
was published
for
org.jenkins-ci.plugins:selected-tests-executor
(Maven)
Mar 30, 2022
Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin
Moderate
CVE-2022-28159
was published
for
org.jenkins-ci.plugins:selected-tests-executor
(Maven)
Mar 30, 2022
Cross-Site Request Forgery in Jenkins P4 Plugin
High
CVE-2021-21655
was published
for
org.jenkins-ci.plugins:p4
(Maven)
Mar 18, 2022
Stored Cross-site Scripting vulnerability in Jenkins Dashboard View Plugin
Moderate
CVE-2022-27197
was published
for
org.jenkins-ci.plugins:dashboard-view
(Maven)
Mar 16, 2022
ProTip!
Advisories are also available from the
GraphQL API