Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,741
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2021-21696 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Jenkins SAML Plugin allows bypassing CSRF protection for any URL High
CVE-2021-21678 was published for org.jenkins-ci.plugins:saml (Maven) May 24, 2022
NotMyFault
Jenkins Azure AD Plugin allows bypassing CSRF protection for any URL High
CVE-2021-21679 was published for org.jenkins-ci.plugins:azure-ad (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Code Coverage API Plugin High
CVE-2021-21677 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Nested View Plugin High
CVE-2021-21680 was published for org.jenkins-ci.plugins:nested-view (Maven) May 24, 2022
NotMyFault
Session fixation vulnerability in Jenkins High
CVE-2021-21671 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins XebiaLabs XL Deploy Plugin allows capturing credentials High
CVE-2021-21665 was published for com.xebialabs.deployit.ci:deployit-plugin (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins URLTrigger Plugin High
CVE-2021-21659 was published for org.jenkins-ci.plugins:urltrigger (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Filesystem Trigger Plugin High
CVE-2021-21657 was published for org.jenkins-ci.plugins:fstrigger (Maven) May 24, 2022
NotMyFault
Remote code execution vulnerability in Jenkins Templating Engine Plugin High
CVE-2021-21646 was published for org.jenkins-ci.plugins:templating-engine (Maven) May 24, 2022
NotMyFault
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin High
CVE-2021-21642 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin High
CVE-2021-22510 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Team Foundation Server Plugin allow capturing credentials High
CVE-2021-21638 was published for org.jenkins-ci.plugins:tfs (Maven) May 24, 2022
NotMyFault
CSRF vulnerability and in Jenkins OWASP Dependency-Track Plugin allow capturing credentials High
CVE-2021-21633 was published for org.jenkins-ci.plugins:dependency-track (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Build With Parameters Plugin High
CVE-2021-21629 was published for org.jenkins-ci.plugins:build-with-parameters (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Libvirt Agents Plugin High
CVE-2021-21627 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Configuration Slicing Plugin High
CVE-2021-21617 was published for org.jenkins-ci.plugins:configurationslicing (Maven) May 24, 2022
NotMyFault
Path traversal vulnerability in Jenkins agent names High
CVE-2021-21605 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Improper handling of REST API XML deserialization errors in Jenkins High
CVE-2021-21604 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Chaos Monkey Plugin High
CVE-2020-2322 was published for io.jenkins.plugins:chaos-monkey (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins CVS Plugin High
CVE-2020-2324 was published for org.jenkins-ci.plugins:cvs (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Shelve Project Plugin High
CVE-2020-2321 was published for org.jenkins-ci.plugins:shelve-project-plugin (Maven) May 24, 2022
NotMyFault
Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin High
CVE-2020-2286 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins warnings Plugin allows remote code execution High
CVE-2020-2280 was published for org.jvnet.hudson.plugins:warnings (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Liquibase Runner Plugin High
CVE-2020-2284 was published for org.jenkins-ci.plugins:liquibase-runner (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API