Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,741
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Path traversal vulnerability in Jenkins agent names High
CVE-2021-21605 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2021-21616 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Libvirt Agents Plugin High
CVE-2021-21627 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
NotMyFault
Lack of type validation in agent related REST API in Jenkins Moderate
CVE-2021-21639 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin High
CVE-2021-22510 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
Remote code execution vulnerability in Jenkins Templating Engine Plugin High
CVE-2021-21646 was published for org.jenkins-ci.plugins:templating-engine (Maven) May 24, 2022
NotMyFault
XSS vulnerability in Jenkins Markdown Formatter Plugin Moderate
CVE-2021-21660 was published for io.jenkins.plugins:markdown-formatter (Maven) May 24, 2022
NotMyFault aruneko
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2134 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2135 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Improper permission checks in Jenkins Copy Artifact Plugin Moderate
CVE-2020-2183 was published for org.jenkins-ci.plugins:copyartifact (Maven) May 24, 2022
NotMyFault
Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2202 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins upstream cause High
CVE-2020-2221 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins 'keep forever' badge icon High
CVE-2020-2222 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2020-2289 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2020-2290 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault
Jenkins Cross-site Scripting vulnerability in project naming strategy High
CVE-2020-2230 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Request logging bypass in Jenkins Audit Trail Plugin Moderate
CVE-2020-2287 was published for org.jenkins-ci.plugins:audit-trail (Maven) Feb 10, 2022
NotMyFault
CSRF vulnerability in Jenkins Configuration Slicing Plugin High
CVE-2021-21617 was published for org.jenkins-ci.plugins:configurationslicing (Maven) May 24, 2022
NotMyFault
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials Moderate
CVE-2021-21664 was published for com.xebialabs.deployit.ci:deployit-plugin (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin High
CVE-2020-2226 was published for org.jenkins-ci.plugins:matrix-auth (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin High
CVE-2020-2225 was published for org.jenkins-ci.plugins:matrix-project (Maven) May 24, 2022
NotMyFault
Redgate SQL Change Automation Plugin stored credentials in plain text Moderate
CVE-2020-2095 was published for com.redgate.plugins.redgatesqlci:redgate-sql-ci (Maven) May 24, 2022
NotMyFault
Improper permission checks in Jenkins Swarm Plugin Moderate
CVE-2020-2191 was published for org.jenkins-ci.plugins:swarm (Maven) May 24, 2022
NotMyFault
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration Low
CVE-2020-2114 was published for org.jenkins-ci.plugins:s3 (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2093 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API