Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,726
Erlang
29
GitHub Actions
16
Go
1,709
Maven
4,946
npm
3,474
NuGet
605
pip
2,999
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Cross-Site Request Forgery in Jenkins P4 Plugin High
CVE-2021-21655 was published for org.jenkins-ci.plugins:p4 (Maven) Mar 18, 2022
NotMyFault
Arbitrary file read vulnerability in Jenkins Tests Selector Plugin Moderate
CVE-2022-28160 was published for org.jenkins-ci.plugins:selected-tests-executor (Maven) Mar 30, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Tests Selector Plugin Moderate
CVE-2022-28159 was published for org.jenkins-ci.plugins:selected-tests-executor (Maven) Mar 30, 2022
NotMyFault
Cross site request forgery in Jenkins Job and Node ownership Plugin High
CVE-2022-28150 was published for com.synopsys.jenkinsci:ownership (Maven) Mar 30, 2022
NotMyFault
Missing permission check in Jenkins Job and Node ownership Plugin Moderate
CVE-2022-28151 was published for com.synopsys.jenkinsci:ownership (Maven) Mar 30, 2022
NotMyFault
Path traversal vulnerability on Windows in Jenkins Continuous Integration with Toad Edge Plugin Moderate
CVE-2022-28148 was published for org.jenkins-ci.plugins:ci-with-toad-edge (Maven) Mar 30, 2022
NotMyFault
CSRF vulnerability in Jenkins Job and Node ownership Plugin Moderate
CVE-2022-28152 was published for com.synopsys.jenkinsci:ownership (Maven) Mar 30, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin High
CVE-2022-28149 was published for com.synopsys.jenkinsci:ownership (Maven) Mar 30, 2022
NotMyFault
Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin Moderate
CVE-2022-28147 was published for org.jenkins-ci.plugins:ci-with-toad-edge (Maven) Mar 30, 2022
NotMyFault
Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin High
CVE-2022-28145 was published for org.jenkins-ci.plugins:ci-with-toad-edge (Maven) Mar 30, 2022
NotMyFault
CSRF vulnerability in Jenkins RocketChat Notifier Plugin Moderate
CVE-2022-28138 was published for org.jenkins-ci.plugins:rocketchatnotifier (Maven) Mar 30, 2022
NotMyFault
Missing permission check in Jenkins RocketChat Notifier Plugin Moderate
CVE-2022-28139 was published for org.jenkins-ci.plugins:rocketchatnotifier (Maven) Mar 30, 2022
NotMyFault tdunlap607
Plaintext storage in Jenkins instant-messaging Plugin Moderate
CVE-2022-28135 was published for org.jvnet.hudson.plugins:instant-messaging (Maven) Mar 30, 2022
NotMyFault
Missing permission check in Jenkins JiraTestResultReporter Plugin Moderate
CVE-2022-28137 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) Mar 30, 2022
NotMyFault
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin High
CVE-2022-28136 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) Mar 30, 2022
NotMyFault
Missing permission checks in Jekins Bitbucket Server Integration Plugin Moderate
CVE-2022-28134 was published for io.jenkins.plugins:atlassian-bitbucket-server-integration (Maven) Mar 30, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Bitbucket Server Integration Plugin Moderate
CVE-2022-28133 was published for io.jenkins.plugins:atlassian-bitbucket-server-integration (Maven) Mar 30, 2022
NotMyFault
Arbitrary file read vulnerability in Jenkins Continuous Integration with Toad Edge Plugin Moderate
CVE-2022-28146 was published for org.jenkins-ci.plugins:ci-with-toad-edge (Maven) Mar 30, 2022
NotMyFault
XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin High
CVE-2022-28155 was published for com.surenpi.jenkins:phoenix-autotest (Maven) Mar 30, 2022
NotMyFault
SSL/TLS certificate validation globally disabled by Jenkins Proxmox Plugin Moderate
CVE-2022-28142 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
NotMyFault
Private key stored in plain text by Jenkins Google Compute Engine Plugin Moderate
CVE-2022-29052 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Apr 13, 2022
NotMyFault
CSRF vulnerability in Jenkins Subversion Plugin Moderate
CVE-2022-29048 was published for org.jenkins-ci.plugins:subversion (Maven) Apr 13, 2022
NotMyFault
Stored Cross-site Scripting in Jenkins Node and Label parameter Plugin Moderate
CVE-2022-29044 was published for org.jenkins-ci.plugins:nodelabelparameter (Maven) Apr 13, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin High
CVE-2022-29045 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL High
CVE-2022-29049 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault westonsteimel
ProTip! Advisories are also available from the GraphQL API