Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,727
Erlang
29
GitHub Actions
16
Go
1,709
Maven
4,946
npm
3,474
NuGet
605
pip
3,000
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Credentials transmitted in plain text by OpenShift Deployer Plugin Low
CVE-2020-2155 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) May 24, 2022
NotMyFault
Credentials transmitted in plain text by Repository Connector Plugin Low
CVE-2020-2149 was published for org.jenkins-ci.plugins:repository-connector (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Google Kubernetes Engine Plugin High
CVE-2020-2121 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins brakeman Plugin Moderate
CVE-2020-2122 was published for org.jenkins-ci.plugins:brakeman (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Pipeline: AWS Steps Plugin High
CVE-2020-2166 was published for de.taimos:pipeline-aws (Maven) May 24, 2022
NotMyFault
Passwords stored in plain text by Mail Commander Plugin for Jenkins-ci Plugin Moderate
CVE-2020-2318 was published for org.jenkins-ci.plugins:mailcommander (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins RapidDeploy Plugin Moderate
CVE-2020-2170 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins RapidDeploy Plugin High
CVE-2020-2171 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Azure Container Service Plugin High
CVE-2020-2168 was published for org.jenkins-ci.plugins:azure-acs (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Project Inheritance Plugin Moderate
CVE-2020-2198 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Jenkins AppSpider Plugin Low
CVE-2020-2314 was published for com.rapid7:jenkinsci-appspider-plugin (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Jenkins VMware Lab Manager Slaves Plugin Low
CVE-2020-2319 was published for org.jenkins-ci.plugins:labmanager (Maven) May 24, 2022
NotMyFault
Cross-site Scripting in Jenkins Stash Branch Parameter Plugin High
CVE-2022-34198 was published for org.jenkins-ci.plugins:StashBranchParameter (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting in Jenkins CRX Content Package Deployer Plugin High
CVE-2022-34184 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting in Jenkins Date Parameter Plugin High
CVE-2022-34185 was published for me.leejay.jenkins:date-parameter (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting in Jenkins JUnit Plugin High
CVE-2022-34176 was published for org.jenkins-ci.plugins:junit (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting in Jenkins Agent Server Parameter Plugin High
CVE-2022-34183 was published for io.jenkins.plugins:agent-server-parameter (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting in Jenkins Filesystem List Parameter Plugin High
CVE-2022-34187 was published for aendter.jenkins.plugins:filesystem-list-parameter-plugin (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting in Jenkins Sauce OnDemand Plugin High
CVE-2022-34197 was published for org.jenkins-ci.plugins:sauce-ondemand (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34173 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting in Jenkins ontrack Jenkins Plugin High
CVE-2022-34192 was published for org.jenkins-ci.plugins:ontrack (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting in Jenkins Hidden Parameter Plugin High
CVE-2022-34188 was published for org.jenkins-ci.plugins:hidden-parameter (Maven) Jun 24, 2022
NotMyFault
Missing permission check in Jenkins Convertigo Mobile Platform Plugin Moderate
CVE-2022-34201 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) Jun 24, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins xUnit Plugin Moderate
CVE-2022-34181 was published for org.jenkins-ci.plugins:xunit (Maven) Jun 24, 2022
NotMyFault
Cross-site Scripting in Jenkins Dynamic Extended Choice Parameter Plugin High
CVE-2022-34186 was published for com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter (Maven) Jun 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API