Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,732
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

624 advisories

CSRF vulnerability in Amazon EC2 Plugin Low
CVE-2020-2186 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
Improper Authentication (empty password) in Jenkins Active Directory Plugin Critical
CVE-2020-2300 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel NotMyFault
Missing permission check in Blue Ocean Plugin Moderate
CVE-2020-2255 was published for io.jenkins.blueocean:blueocean (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name High
CVE-2020-2256 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin High
CVE-2020-2236 was published for com.axis.system.jenkins.plugins.downstream:yet-another-build-visualizer (Maven) May 24, 2022
NotMyFault
Missing permission checks in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2094 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin Moderate
CVE-2020-2282 was published for org.jenkins-ci.plugins:implied-labels (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Mac Plugin Moderate
CVE-2020-2147 was published for fr.edf.jenkins.plugins:mac (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Active Directory Plugin Moderate
CVE-2020-2303 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
NotMyFault
Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin Moderate
CVE-2020-2187 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Liquibase Runner Plugin Moderate
CVE-2020-2283 was published for org.jenkins-ci.plugins:liquibase-runner (Maven) May 24, 2022
NotMyFault
Cross Site Request Forgery in Jenkins Blue Ocean Plugin Moderate
CVE-2022-30953 was published for io.jenkins.blueocean:blueocean-parent (Maven) May 18, 2022
NotMyFault
Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items Moderate
CVE-2021-21624 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins REST List Parameter Plugin Moderate
CVE-2021-21635 was published for io.jenkins.plugins:rest-list-parameter (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Timestamper Plugin Moderate
CVE-2020-2137 was published for org.jenkins-ci.plugins:timestamper (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Azure Key Vault Plugin allow enumerating credentials IDs Moderate
CVE-2020-2313 was published for org.jenkins-ci.plugins:azure-keyvault (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Code Coverage API Plugin Moderate
CVE-2020-2106 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Subversion Plugin Moderate
CVE-2020-2304 was published for org.jenkins-ci.plugins:subversion (Maven) May 24, 2022
NotMyFault
Missing permission checks in Micro Focus Application Automation Tools Plugin Moderate
CVE-2021-22513 was published for org.jenkins-ci.plugins:hp-application-automation-tools-plugin (Maven) May 24, 2022
NotMyFault
Open redirect vulnerability in Jenkins CAS Plugin Moderate
CVE-2021-21673 was published for org.jenkins-ci.plugins:cas-plugin (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files Moderate
CVE-2021-21644 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Build With Parameters Plugin Moderate
CVE-2021-21628 was published for org.jenkins-ci.plugins:build-with-parameters (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Build With Parameters Plugin High
CVE-2021-21629 was published for org.jenkins-ci.plugins:build-with-parameters (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Rundeck Plugin High
CVE-2020-2144 was published for org.jenkins-ci.plugins:rundeck (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins CVS Plugin Moderate
CVE-2020-2184 was published for org.jenkins-ci.plugins:cvs (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API