GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
624 advisories
Credentials transmitted in plain text by OpenShift Deployer Plugin
Severity: Low. CVE-2020-2155 was published for org.jenkins-ci.plugins:openshift-deployer (Maven), May 24, 2022

Credentials transmitted in plain text by Repository Connector Plugin
Severity: Low. CVE-2020-2149 was published for org.jenkins-ci.plugins:repository-connector (Maven), May 24, 2022

RCE vulnerability in Google Kubernetes Engine Plugin
Severity: High. CVE-2020-2121 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven), May 24, 2022

Stored XSS vulnerability in Jenkins brakeman Plugin
Severity: Moderate. CVE-2020-2122 was published for org.jenkins-ci.plugins:brakeman (Maven), May 24, 2022

RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin
Severity: High. CVE-2020-2166 was published for de.taimos:pipeline-aws (Maven), May 24, 2022

Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin
Severity: Moderate. CVE-2020-2318 was published for org.jenkins-ci.plugins:mailcommander (Maven), May 24, 2022

Stored XSS vulnerability in Jenkins RapidDeploy Plugin
Severity: Moderate. CVE-2020-2170 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven), May 24, 2022

XXE vulnerability in Jenkins RapidDeploy Plugin
Severity: High. CVE-2020-2171 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven), May 24, 2022

RCE vulnerability in Jenkins Azure Container Service Plugin
Severity: High. CVE-2020-2168 was published for org.jenkins-ci.plugins:azure-acs (Maven), May 24, 2022

Missing permission check in Jenkins Project Inheritance Plugin
Severity: Moderate. CVE-2020-2198 was published for hudson.plugins:project-inheritance (Maven), May 24, 2022

Password stored in plain text by Jenkins AppSpider Plugin
Severity: Low. CVE-2020-2314 was published for com.rapid7:jenkinsci-appspider-plugin (Maven), May 24, 2022

Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin
Severity: Low. CVE-2020-2319 was published for org.jenkins-ci.plugins:labmanager (Maven), May 24, 2022

Cross-site Scripting in Jenkins Stash Branch Parameter Plugin
Severity: High. CVE-2022-34198 was published for org.jenkins-ci.plugins:StashBranchParameter (Maven), Jun 24, 2022

Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin
Severity: High. CVE-2022-34184 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven), Jun 24, 2022

Cross-site Scripting in Jenkins Date Parameter Plugin
Severity: High. CVE-2022-34185 was published for me.leejay.jenkins:date-parameter (Maven), Jun 24, 2022

Cross-site Scripting in Jenkins JUnit Plugin
Severity: High. CVE-2022-34176 was published for org.jenkins-ci.plugins:junit (Maven), Jun 24, 2022

Cross-site Scripting in Jenkins Agent Server Parameter Plugin
Severity: High. CVE-2022-34183 was published for io.jenkins.plugins:agent-server-parameter (Maven), Jun 24, 2022

Cross-site Scripting in Jenkins Filesystem List Parameter Plugin
Severity: High. CVE-2022-34187 was published for aendter.jenkins.plugins:filesystem-list-parameter-plugin (Maven), Jun 24, 2022

Cross-site Scripting in Jenkins Sauce OnDemand Plugin
Severity: High. CVE-2022-34197 was published for org.jenkins-ci.plugins:sauce-ondemand (Maven), Jun 24, 2022

Cross-site Scripting vulnerability in Jenkins
Severity: High. CVE-2022-34173 was published for org.jenkins-ci.main:jenkins-core (Maven), Jun 24, 2022

Cross-site Scripting in Jenkins ontrack Jenkins Plugin
Severity: High. CVE-2022-34192 was published for org.jenkins-ci.plugins:ontrack (Maven), Jun 24, 2022

Cross-site Scripting in Jenkins Hidden Parameter Plugin
Severity: High. CVE-2022-34188 was published for org.jenkins-ci.plugins:hidden-parameter (Maven), Jun 24, 2022

Missing permission check in Jenkins Convertigo Mobile Platform Plugin
Severity: Moderate. CVE-2022-34201 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven), Jun 24, 2022

Agent-to-controller security bypass in Jenkins xUnit Plugin
Severity: Moderate. CVE-2022-34181 was published for org.jenkins-ci.plugins:xunit (Maven), Jun 24, 2022

Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin
Severity: High. CVE-2022-34186 was published for com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter (Maven), Jun 24, 2022