Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,741
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

624 advisories

CSRF vulnerability in Jenkins openstack-heat Plugin Moderate
CVE-2022-36911 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted Low
CVE-2022-36901 was published for org.jenkins-ci.plugins:http_request (Maven) Jul 28, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin Moderate
CVE-2022-36899 was published for com.compuware.jenkins:compuware-ispw-operations (Maven) Jul 28, 2022
NotMyFault
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin High
CVE-2022-36894 was published for org.jenkins-ci.plugins:clif-performance-testing (Maven) Jul 28, 2022
NotMyFault
Password stored in plain text by Jenkins RQM Plugin Low
CVE-2022-34809 was published for net.praqma:rqm-plugin (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Skype notifier Plugin Low
CVE-2022-34805 was published for org.jenkins-ci.plugins:skype-notifier (Maven) Jul 1, 2022
NotMyFault
Token stored in plain text by Jenkins Cisco Spark Plugin Low
CVE-2022-34808 was published for org.jenkins-ci.plugins:cisco-spark (Maven) Jul 1, 2022
NotMyFault
Passwords stored in plain text by Jenkins hpe-network-virtualization plugin Low
CVE-2022-34816 was published for org.jenkins-ci.plugins:hpe-network-virtualization (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Jigomerge Plugin Low
CVE-2022-34806 was published for org.jenkins-ci.plugins:jigomerge (Maven) Jul 1, 2022
NotMyFault
Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check Moderate
CVE-2022-34810 was published for net.praqma:rqm-plugin (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin Moderate
CVE-2022-34817 was published for de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin Moderate
CVE-2022-34812 was published for org.jenkins-ci.plugins:xpath-config-viewer (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin Moderate
CVE-2022-34815 was published for org.jenkins-ci.plugins:rrod (Maven) Jul 1, 2022
NotMyFault
Missing Authorization in Jenkins XPath Configuration Viewer Plugin Moderate
CVE-2022-34811 was published for org.jenkins-ci.plugins:xpath-config-viewer (Maven) Jul 1, 2022
NotMyFault
Incorrect Authorization in Jenkins Request Rename Or Delete Plugin Moderate
CVE-2022-34814 was published for org.jenkins-ci.plugins:rrod (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Elasticsearch Query Plugin Low
CVE-2022-34807 was published for org.jenkins-ci.plugins:elasticsearch-query (Maven) Jul 1, 2022
NotMyFault
Cleartext Storage of Sensitive Information in Jenkins Build Notifications Plugin Low
CVE-2022-34801 was published for tools.devnull:build-notifications (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Deployment Dashboard Plugin Low
CVE-2022-34799 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Build Notifications Plugin Low
CVE-2022-34800 was published for tools.devnull:build-notifications (Maven) Jul 1, 2022
NotMyFault
Jenkins Matrix Reloaded Plugin vulnerable to Stored XSS High
CVE-2022-34788 was published for net.praqma:matrix-reloaded (Maven) Jul 1, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins RocketChat Notifier Plugin Low
CVE-2022-34802 was published for org.jenkins-ci.plugins:rocketchatnotifier (Maven) Jul 1, 2022
NotMyFault
Incorrect Authorization in Jenkins requests-plugin Moderate
CVE-2022-34782 was published for org.jenkins-ci.plugins:requests (Maven) Jul 1, 2022
NotMyFault
Missing Authorization in Jenkins Deployment Dashboard Plugin Moderate
CVE-2022-34798 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Recipe Plugin High
CVE-2022-34792 was published for org.jenkins-ci.plugins:recipe (Maven) Jul 1, 2022
NotMyFault
Cross-site Scripting in Jenkins Rich Text Publisher Plugin High
CVE-2022-34786 was published for org.jenkins-ci.plugins:rich-text-publisher-plugin (Maven) Jul 1, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API