GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,741
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
Path traversal vulnerability in Jenkins agent names
High
CVE-2021-21605
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Active Choices Plugin
Moderate
CVE-2021-21616
was published
for
org.biouno:uno-choice
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Libvirt Agents Plugin
High
CVE-2021-21627
was published
for
org.jenkins-ci.plugins:libvirt-slave
(Maven)
May 24, 2022
Lack of type validation in agent related REST API in Jenkins
Moderate
CVE-2021-21639
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Reflected XSS vulnerability in Jenkins Micro Focus Application Automation Tools Plugin
High
CVE-2021-22510
was published
for
org.jenkins-ci.plugins:hp-application-automation-tools-plugin
(Maven)
May 24, 2022
Remote code execution vulnerability in Jenkins Templating Engine Plugin
High
CVE-2021-21646
was published
for
org.jenkins-ci.plugins:templating-engine
(Maven)
May 24, 2022
XSS vulnerability in Jenkins Markdown Formatter Plugin
Moderate
CVE-2021-21660
was published
for
io.jenkins.plugins:markdown-formatter
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2134
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin
High
CVE-2020-2135
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 24, 2022
Improper permission checks in Jenkins Copy Artifact Plugin
Moderate
CVE-2020-2183
was published
for
org.jenkins-ci.plugins:copyartifact
(Maven)
May 24, 2022
Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin
Moderate
CVE-2020-2202
was published
for
org.jenkins-ci.plugins:fortify-on-demand-uploader
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins upstream cause
High
CVE-2020-2221
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins 'keep forever' badge icon
High
CVE-2020-2222
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Active Choices Plugin
Moderate
CVE-2020-2289
was published
for
org.biouno:uno-choice
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Active Choices Plugin
Moderate
CVE-2020-2290
was published
for
org.biouno:uno-choice
(Maven)
May 24, 2022
Jenkins Cross-site Scripting vulnerability in project naming strategy
High
CVE-2020-2230
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Request logging bypass in Jenkins Audit Trail Plugin
Moderate
CVE-2020-2287
was published
for
org.jenkins-ci.plugins:audit-trail
(Maven)
Feb 10, 2022
CSRF vulnerability in Jenkins Configuration Slicing Plugin
High
CVE-2021-21617
was published
for
org.jenkins-ci.plugins:configurationslicing
(Maven)
May 24, 2022
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials
Moderate
CVE-2021-21664
was published
for
com.xebialabs.deployit.ci:deployit-plugin
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin
High
CVE-2020-2226
was published
for
org.jenkins-ci.plugins:matrix-auth
(Maven)
May 24, 2022
Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin
High
CVE-2020-2225
was published
for
org.jenkins-ci.plugins:matrix-project
(Maven)
May 24, 2022
Redgate SQL Change Automation Plugin stored credentials in plain text
Moderate
CVE-2020-2095
was published
for
com.redgate.plugins.redgatesqlci:redgate-sql-ci
(Maven)
May 24, 2022
Improper permission checks in Jenkins Swarm Plugin
Moderate
CVE-2020-2191
was published
for
org.jenkins-ci.plugins:swarm
(Maven)
May 24, 2022
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration
Low
CVE-2020-2114
was published
for
org.jenkins-ci.plugins:s3
(Maven)
May 24, 2022
CSRF vulnerability in Health Advisor by CloudBees Plugin
Moderate
CVE-2020-2093
was published
for
org.jenkins-ci.plugins:cloudbees-jenkins-advisor
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API