GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,773
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
624 advisories
Filter by severity
CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials
Moderate
CVE-2022-34780
was published
for
com.xebialabs.ci:xlrelease-plugin
(Maven)
Jul 1, 2022
Cross-site Scripting in Jenkins Validating Email Parameter Plugin
High
CVE-2022-34791
was published
for
io.jenkins.plugins:validating-email-parameter
(Maven)
Jul 1, 2022
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs
Moderate
CVE-2022-34779
was published
for
com.xebialabs.ci:xlrelease-plugin
(Maven)
Jul 1, 2022
XML External Entity Reference in Jenkins Recipe Plugin
High
CVE-2022-34793
was published
for
org.jenkins-ci.plugins:recipe
(Maven)
Jul 1, 2022
Missing Authorization in Jenkins Recipe Plugin
High
CVE-2022-34794
was published
for
org.jenkins-ci.plugins:recipe
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin
Moderate
CVE-2022-34797
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Cross-site Scripting in Jenkins Deployment Dashboard Plugin
High
CVE-2022-34795
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Cross-site Scripting in Jenkins Plot Plugin
High
CVE-2022-34783
was published
for
org.jenkins-ci.plugins:plot
(Maven)
Jul 1, 2022
Cross site scripting in Jenkins build-metrics Plugin
High
CVE-2022-34784
was published
for
org.jenkins-ci.plugins:build-metrics
(Maven)
Jul 1, 2022
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow capturing credentials
Moderate
CVE-2022-34781
was published
for
com.xebialabs.ci:xlrelease-plugin
(Maven)
Jul 1, 2022
Cross-site Scripting in Jenkins TestNG Results Plugin
High
CVE-2022-34778
was published
for
org.jenkins-ci.plugins:testng-plugin
(Maven)
Jul 1, 2022
Cross-site Scripting in Jenkins eXtreme Feedback Panel Plugin
High
CVE-2022-34790
was published
for
org.jenkins-ci.plugins:xfpanel
(Maven)
Jul 1, 2022
Cross-site Scripting in Jenkins GitLab Plugin
High
CVE-2022-34777
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Jul 1, 2022
Jenkins Project Inheritance Plugin vulnerable to cross site scripting
High
CVE-2022-34787
was published
for
hudson.plugins:project-inheritance
(Maven)
Jul 1, 2022
Jenkins Matrix Reloaded Plugin vulnerable to CSRF
Moderate
CVE-2022-34789
was published
for
net.praqma:matrix-reloaded
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins ThreadFix Plugin
Moderate
CVE-2022-34209
was published
for
org.jenkins-ci.plugins:threadfix
(Maven)
Jun 24, 2022
Cross-site Scripting in Jenkins Stash Branch Parameter Plugin
High
CVE-2022-34198
was published
for
org.jenkins-ci.plugins:StashBranchParameter
(Maven)
Jun 24, 2022
Squash TM Publisher (Squash4Jenkins) Plugin stores passwords stored in plain text
Low
CVE-2022-34213
was published
for
org.jenkins-ci.plugins:squashtm-publisher
(Maven)
Jun 24, 2022
Cross-Site Request Forgery in Jenkins Beaker builder Plugin
Moderate
CVE-2022-34207
was published
for
org.jenkins-ci.plugins:beaker-builder
(Maven)
Jun 24, 2022
Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin
Moderate
CVE-2022-34211
was published
for
org.jenkins-ci.plugins:vmware-vrealize-orchestrator
(Maven)
Jun 24, 2022
Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin
Moderate
CVE-2022-34205
was published
for
org.jenkins-ci.plugins:jianliao
(Maven)
Jun 24, 2022
Missing permission check in Jenkins ThreadFix Plugin
Moderate
CVE-2022-34210
was published
for
org.jenkins-ci.plugins:threadfix
(Maven)
Jun 24, 2022
Missing permission check in Jenkins vRealize Orchestrator Plugin
Moderate
CVE-2022-34212
was published
for
org.jenkins-ci.plugins:vmware-vrealize-orchestrator
(Maven)
Jun 24, 2022
Observable timing discrepancy allows determining username validity in Jenkins
Moderate
CVE-2022-34174
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement
Moderate
CVE-2022-34180
was published
for
org.jenkins-ci.plugins:embeddable-build-status
(Maven)
Jun 24, 2022
ProTip!
Advisories are also available from the
GraphQL API