Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,449
Erlang
29
GitHub Actions
16
Go
1,669
Maven
4,929
npm
3,464
NuGet
595
pip
2,880
Pub
10
RubyGems
824
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials Moderate
CVE-2022-41250 was published for com.meowlomo.jenkins:scm-httpclient (Maven) Sep 22, 2022
NotMyFault
Jenkins BigPanda Notifier Plugin Missing Password Field Masking Low
CVE-2022-41248 was published for org.jenkins-ci.plugins:bigpanda-jenkins (Maven) Sep 22, 2022
NotMyFault
Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-41249 was published for com.meowlomo.jenkins:scm-httpclient (Maven) Sep 22, 2022
NotMyFault
API token stored in plain text by Jenkins CONS3RT Plugin Low
CVE-2022-41255 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
RabbitMQ password stored in plain text by Jenkins CollabNet Plugins Plugin Low
CVE-2022-38665 was published for org.jenkins-ci.plugins:collabnet (Maven) Aug 24, 2022
NotMyFault
Cross-site Scripting in Jenkins Job Configuration History Plugin Moderate
CVE-2022-38664 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Aug 24, 2022
NotMyFault
Improper masking of credentials Jenkins in Git Plugin Moderate
CVE-2022-38663 was published for org.jenkins-ci.plugins:git (Maven) Aug 24, 2022
NotMyFault
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36884 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Jenkins GitHub plugin uses weak webhook signature function Low
CVE-2022-36885 was published for com.coravy.hudson.plugins.github:github (Maven) Jul 28, 2022
westonsteimel NotMyFault
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36882 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36883 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests Moderate
CVE-2022-36888 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jul 28, 2022
NotMyFault
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification Moderate
CVE-2022-36881 was published for org.jenkins-ci.plugins:git-client (Maven) Jul 28, 2022
NotMyFault
Missing permission check in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36907 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin High
CVE-2022-36905 was published for eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36908 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36906 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF) High
CVE-2022-36920 was published for org.jenkins-ci.plugins:coverity (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins openstack-heat Plugin Moderate
CVE-2022-36911 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
Missing permission check in Coverity Plugin allows capturing credentials High
CVE-2022-36921 was published for org.jenkins-ci.plugins:coverity (Maven) Jul 28, 2022
NotMyFault
Missing permission check in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36909 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
Missing permission checks in Jenkins openstack-heat Plugin Moderate
CVE-2022-36912 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins Google Cloud Backup Plugin Moderate
CVE-2022-36916 was published for org.jenkins-ci.plugins:google-cloud-backup (Maven) Jul 28, 2022
NotMyFault
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin High
CVE-2022-36894 was published for org.jenkins-ci.plugins:clif-performance-testing (Maven) Jul 28, 2022
NotMyFault
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted Low
CVE-2022-36901 was published for org.jenkins-ci.plugins:http_request (Maven) Jul 28, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API