GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,741
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
CSRF vulnerability in Jenkins openstack-heat Plugin
Moderate
CVE-2022-36911
was published
for
org.jenkins-ci.plugins:openstack-heat
(Maven)
Jul 28, 2022
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Low
CVE-2022-36901
was published
for
org.jenkins-ci.plugins:http_request
(Maven)
Jul 28, 2022
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin
High
CVE-2022-36894
was published
for
org.jenkins-ci.plugins:clif-performance-testing
(Maven)
Jul 28, 2022
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
Moderate
CVE-2022-36899
was published
for
com.compuware.jenkins:compuware-ispw-operations
(Maven)
Jul 28, 2022
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin
Low
CVE-2022-34816
was published
for
org.jenkins-ci.plugins:hpe-network-virtualization
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Jigomerge Plugin
Low
CVE-2022-34806
was published
for
org.jenkins-ci.plugins:jigomerge
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin
Moderate
CVE-2022-34817
was published
for
de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator
(Maven)
Jul 1, 2022
Password stored in plain text by Jenkins RQM Plugin
Low
CVE-2022-34809
was published
for
net.praqma:rqm-plugin
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin
Moderate
CVE-2022-34815
was published
for
org.jenkins-ci.plugins:rrod
(Maven)
Jul 1, 2022
Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check
Moderate
CVE-2022-34810
was published
for
net.praqma:rqm-plugin
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Skype notifier Plugin
Low
CVE-2022-34805
was published
for
org.jenkins-ci.plugins:skype-notifier
(Maven)
Jul 1, 2022
Token stored in plain text by Jenkins Cisco Spark Plugin
Low
CVE-2022-34808
was published
for
org.jenkins-ci.plugins:cisco-spark
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin
Moderate
CVE-2022-34812
was published
for
org.jenkins-ci.plugins:xpath-config-viewer
(Maven)
Jul 1, 2022
Missing Authorization in Jenkins XPath Configuration Viewer Plugin
Moderate
CVE-2022-34811
was published
for
org.jenkins-ci.plugins:xpath-config-viewer
(Maven)
Jul 1, 2022
Incorrect Authorization in Jenkins Request Rename Or Delete Plugin
Moderate
CVE-2022-34814
was published
for
org.jenkins-ci.plugins:rrod
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin
Low
CVE-2022-34807
was published
for
org.jenkins-ci.plugins:elasticsearch-query
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Build Notifications Plugin
Low
CVE-2022-34800
was published
for
tools.devnull:build-notifications
(Maven)
Jul 1, 2022
Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin
Low
CVE-2022-34801
was published
for
tools.devnull:build-notifications
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin
Low
CVE-2022-34799
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin
Low
CVE-2022-34802
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Jul 1, 2022
Jenkins Matrix Reloaded Plugin vulnerable to Stored XSS
High
CVE-2022-34788
was published
for
net.praqma:matrix-reloaded
(Maven)
Jul 1, 2022
Incorrect Authorization in Jenkins requests-plugin
Moderate
CVE-2022-34782
was published
for
org.jenkins-ci.plugins:requests
(Maven)
Jul 1, 2022
Missing Authorization in Jenkins Deployment Dashboard Plugin
Moderate
CVE-2022-34798
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins Recipe Plugin
High
CVE-2022-34792
was published
for
org.jenkins-ci.plugins:recipe
(Maven)
Jul 1, 2022
Cross-site Scripting in Jenkins Rich Text Publisher Plugin
High
CVE-2022-34786
was published
for
org.jenkins-ci.plugins:rich-text-publisher-plugin
(Maven)
Jul 1, 2022
ProTip!
Advisories are also available from the
GraphQL API