GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,732
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
CSRF vulnerability in Amazon EC2 Plugin
Low
CVE-2020-2186
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Improper Authentication (empty password) in Jenkins Active Directory Plugin
Critical
CVE-2020-2300
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
Missing permission check in Blue Ocean Plugin
Moderate
CVE-2020-2255
was published
for
io.jenkins.blueocean:blueocean
(Maven)
May 24, 2022
Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name
High
CVE-2020-2256
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin
High
CVE-2020-2236
was published
for
com.axis.system.jenkins.plugins.downstream:yet-another-build-visualizer
(Maven)
May 24, 2022
Missing permission checks in Health Advisor by CloudBees Plugin
Moderate
CVE-2020-2094
was published
for
org.jenkins-ci.plugins:cloudbees-jenkins-advisor
(Maven)
May 24, 2022
Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin
Moderate
CVE-2020-2282
was published
for
org.jenkins-ci.plugins:implied-labels
(Maven)
May 24, 2022
CSRF vulnerability in Mac Plugin
Moderate
CVE-2020-2147
was published
for
fr.edf.jenkins.plugins:mac
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Active Directory Plugin
Moderate
CVE-2020-2303
was published
for
org.jenkins-ci.plugins:active-directory
(Maven)
May 24, 2022
Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin
Moderate
CVE-2020-2187
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Liquibase Runner Plugin
Moderate
CVE-2020-2283
was published
for
org.jenkins-ci.plugins:liquibase-runner
(Maven)
May 24, 2022
Cross Site Request Forgery in Jenkins Blue Ocean Plugin
Moderate
CVE-2022-30953
was published
for
io.jenkins.blueocean:blueocean-parent
(Maven)
May 18, 2022
Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items
Moderate
CVE-2021-21624
was published
for
org.jenkins-ci.plugins:role-strategy
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins REST List Parameter Plugin
Moderate
CVE-2021-21635
was published
for
io.jenkins.plugins:rest-list-parameter
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Timestamper Plugin
Moderate
CVE-2020-2137
was published
for
org.jenkins-ci.plugins:timestamper
(Maven)
May 24, 2022
Missing permission checks in Jenkins Azure Key Vault Plugin allow enumerating credentials IDs
Moderate
CVE-2020-2313
was published
for
org.jenkins-ci.plugins:azure-keyvault
(Maven)
May 24, 2022
Stored XSS vulnerability in Code Coverage API Plugin
Moderate
CVE-2020-2106
was published
for
io.jenkins.plugins:code-coverage-api
(Maven)
May 24, 2022
XXE vulnerability in Jenkins Subversion Plugin
Moderate
CVE-2020-2304
was published
for
org.jenkins-ci.plugins:subversion
(Maven)
May 24, 2022
Missing permission checks in Micro Focus Application Automation Tools Plugin
Moderate
CVE-2021-22513
was published
for
org.jenkins-ci.plugins:hp-application-automation-tools-plugin
(Maven)
May 24, 2022
Open redirect vulnerability in Jenkins CAS Plugin
Moderate
CVE-2021-21673
was published
for
org.jenkins-ci.plugins:cas-plugin
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files
Moderate
CVE-2021-21644
was published
for
org.jenkins-ci.plugins:config-file-provider
(Maven)
May 24, 2022
Stored XSS vulnerability in Jenkins Build With Parameters Plugin
Moderate
CVE-2021-21628
was published
for
org.jenkins-ci.plugins:build-with-parameters
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins Build With Parameters Plugin
High
CVE-2021-21629
was published
for
org.jenkins-ci.plugins:build-with-parameters
(Maven)
May 24, 2022
XXE vulnerability in Rundeck Plugin
High
CVE-2020-2144
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
May 24, 2022
CSRF vulnerability in Jenkins CVS Plugin
Moderate
CVE-2020-2184
was published
for
org.jenkins-ci.plugins:cvs
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API