Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,449
Erlang
29
GitHub Actions
16
Go
1,669
Maven
4,929
npm
3,464
NuGet
595
pip
2,880
Pub
10
RubyGems
824
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Stored XSS vulnerability in Jenkins Checkmarx Plugin High
CVE-2022-46684 was published for com.checkmarx.jenkins:checkmarx (Maven) Dec 12, 2022
NotMyFault
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS) High
CVE-2022-45401 was published for org.jenkins-ci.main:associated-files-plugin (Maven) Nov 16, 2022
NotMyFault
XXE vulnerability in Jenkins JAPEX Plugin High
CVE-2022-45400 was published for org.jvnet.hudson.plugins:japex (Maven) Nov 16, 2022
NotMyFault
Jenkins Config Rotator Plugin vulnerable to path traversal High
CVE-2022-45388 was published for org.jenkins-ci.main:config-rotator (Maven) Nov 16, 2022
NotMyFault
Jenkins BART Plugin vulnerable to cross-site scripting (XSS) High
CVE-2022-45387 was published for org.jenkins-ci.plugins:bart (Maven) Nov 16, 2022
NotMyFault
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions High
CVE-2022-45379 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 16, 2022
NotMyFault
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin High
CVE-2022-45381 was published for org.jenkins-ci.plugins:pipeline-utility-steps (Maven) Nov 16, 2022
NotMyFault
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion High
CVE-2022-45380 was published for org.jenkins-ci.plugins:junit (Maven) Nov 16, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin High
CVE-2022-43425 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins XFramium Builder Plugin High
CVE-2022-43432 was published for org.jenkins-ci.plugins:xframium (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin High
CVE-2022-43433 was published for io.jenkins.plugins:screenrecorder (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43428 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin High
CVE-2022-43409 was published for org.jenkins-ci.plugins.workflow:workflow-support (Maven) Oct 19, 2022
NotMyFault
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin High
CVE-2022-43407 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin High
CVE-2022-43404 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerability in Jenkins Pipeline: Groovy Libraries Plugin and Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-43405 was published for io.jenkins.plugins:pipeline-groovy-lib (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerability in Jenkins Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-43406 was published for io.jenkins.plugins:pipeline-groovy-lib (Maven) Oct 19, 2022
NotMyFault
Sandbox bypass vulnerabilities in Jenkins Script Security Plugin and in Pipeline: Groovy Plugin High
CVE-2022-43401 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content can be disabled in Jenkins 360 FireLine Plugin High
CVE-2022-43435 was published for org.jenkins-ci.plugins.plugin:fireline (Maven) Oct 19, 2022
NotMyFault
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43430 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin High
CVE-2022-43434 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Oct 19, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin High
CVE-2022-43420 was published for org.jenkins-ci.plugins:contrast-continuous-application-security (Maven) Oct 19, 2022
NotMyFault
XXE vulnerability in Jenkins REPO Plugin High
CVE-2022-43415 was published for org.jenkins-ci.plugins:repo (Maven) Oct 19, 2022
NotMyFault
Stored XSS vulnerability in Jenkins DotCi Plugin High
CVE-2022-41239 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Walti plugin High
CVE-2022-41240 was published for org.jenkins-ci.plugins:walti (Maven) Sep 22, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API