Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,456
Erlang
29
GitHub Actions
16
Go
1,671
Maven
4,934
npm
3,466
NuGet
600
pip
2,970
Pub
10
RubyGems
824
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Jenkins BigPanda Notifier Plugin stores BigPanda API key unencrypted Low
CVE-2022-41247 was published for org.jenkins-ci.plugins:bigpanda-jenkins (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability and mM Moderate
CVE-2022-41246 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
Stored XSS vulnerability in Jenkins DotCi Plugin High
CVE-2022-41239 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Walti plugin High
CVE-2022-41240 was published for org.jenkins-ci.plugins:walti (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials Moderate
CVE-2022-41245 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization Moderate
CVE-2022-41228 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Sep 22, 2022
NotMyFault
Jenkins Rundeck Plugin Missing Authorization vulnerability Moderate
CVE-2022-41233 was published for org.jenkins-ci.plugins:rundeck (Maven) Sep 22, 2022
NotMyFault
Jenkins build-publisher plugin vulnerable to cross-site request forgery High
CVE-2022-41232 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
RCE vulnerability in Jenkins DotCi Plugin High
CVE-2022-41237 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins Security Inspector plugin Moderate
CVE-2022-41236 was published for org.jenkins-ci.plugins:security-inspector (Maven) Sep 22, 2022
NotMyFault
Path traversal in Jenkins build-publisher Plugin Moderate
CVE-2022-41231 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-site Scripting High
CVE-2022-41229 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Sep 22, 2022
NotMyFault
Jenkins RQM Plugin vulnerable to Improper Restriction of XML External Entity Reference Moderate
CVE-2022-41241 was published for net.praqma:rqm-plugin (Maven) Sep 22, 2022
NotMyFault
Jenkins Anchore Container Image Scanner Plugin vulnerable to cross site scripting High
CVE-2022-41225 was published for org.jenkins-ci.plugins:anchore-container-scanner (Maven) Sep 22, 2022
NotMyFault
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-41227 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Sep 22, 2022
NotMyFault
Jenkins SmallTest Plugin missing hostname validation Moderate
CVE-2022-41243 was published for com.smalltest:smalltest (Maven) Sep 22, 2022
NotMyFault
Lack of authentication mechanism in Jenkins DotCi Plugin webhook Moderate
CVE-2022-41238 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2022-41226 was published for com.compuware.jenkins:compuware-common-configuration (Maven) Sep 22, 2022
NotMyFault
Missing webhook endpoint authorization in Jenkins Rundeck Plugin Moderate
CVE-2022-41234 was published for org.jenkins-ci.plugins:rundeck (Maven) Sep 22, 2022
NotMyFault
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component High
CVE-2022-41224 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 22, 2022
NotMyFault
Jenkins WildFly Deployer Plugin vulnerable to path traversal Moderate
CVE-2022-41235 was published for org.jenkins-ci.plugins:wildfly-deployer (Maven) Sep 22, 2022
NotMyFault
Missing permission check in Jenkins build-publisher Plugin Moderate
CVE-2022-41230 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials Moderate
CVE-2022-41254 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs Moderate
CVE-2022-41252 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins CONS3RT Plugin allow capturing credentials Moderate
CVE-2022-41253 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API