Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,741
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

210 advisories

CSRF vulnerability in Jenkins Xray - Test Management for Jira Plugin allows capturing credentials High
CVE-2021-21652 was published for org.jenkins-ci.plugins:xray-connector (Maven) Jun 16, 2021
NotMyFault
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin High
CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Improper Restriction of XML External Entity Reference in Jenkins Chef Sinatra High
CVE-2022-25209 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) Feb 16, 2022
NotMyFault
Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE High
CVE-2022-25208 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) Feb 16, 2022
NotMyFault
CSRF vulnerability in Jenkins Chef Sinatra Plugin allow XXE High
CVE-2022-25207 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) Feb 16, 2022
NotMyFault
Missing Authorization in Jenkins dbCharts Plugin High
CVE-2022-25206 was published for org.jenkins-ci.plugins:dbCharts (Maven) Feb 16, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins dbCharts Plugin High
CVE-2022-25205 was published for org.jenkins-ci.plugins:dbCharts (Maven) Feb 16, 2022
NotMyFault
Missing permission check in Jenkins SCP publisher Plugin High
CVE-2022-25199 was published for org.jenkins-ci.plugins:scp (Maven) Feb 16, 2022
NotMyFault
CSRF vulnerability in Jenkins SCP publisher Plugin High
CVE-2022-25198 was published for org.jenkins-ci.plugins:scp (Maven) Feb 16, 2022
NotMyFault
CSRF vulnerability in Jenkins autonomiq plugin High
CVE-2022-25194 was published for io.jenkins.plugins:autonomiq (Maven) Feb 16, 2022
westonsteimel NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Agent Server Parameter Plugin High
CVE-2022-25191 was published for io.jenkins.plugins:agent-server-parameter (Maven) Feb 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin High
CVE-2022-25189 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven) Feb 16, 2022
NotMyFault
CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials High
CVE-2022-27211 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin High
CVE-2022-27213 was published for io.jenkins.plugins:environment-dashboard (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability in Jenkins kubernetes-cd Plugin allow capturing credentials High
CVE-2022-27210 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability in Jenkins CloudBees AWS Credentials Plugin High
CVE-2022-27198 was published for org.jenkins-ci.plugins:aws-credentials (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin High
CVE-2022-27202 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins Semantic Versioning Plugin High
CVE-2022-27201 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Mar 16, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins P4 Plugin High
CVE-2021-21655 was published for org.jenkins-ci.plugins:p4 (Maven) Mar 18, 2022
NotMyFault
Cross site request forgery in Jenkins Job and Node ownership Plugin High
CVE-2022-28150 was published for com.synopsys.jenkinsci:ownership (Maven) Mar 30, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin High
CVE-2022-28149 was published for com.synopsys.jenkinsci:ownership (Maven) Mar 30, 2022
NotMyFault
Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin High
CVE-2022-28145 was published for org.jenkins-ci.plugins:ci-with-toad-edge (Maven) Mar 30, 2022
NotMyFault
CSRF vulnerability and missing permission check in Jenkins JiraTestResultReporter Plugin High
CVE-2022-28136 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) Mar 30, 2022
NotMyFault
XML External Entity Reference vulnerability in Jenkins Pipeline: Phoenix AutoTest Plugin High
CVE-2022-28155 was published for com.surenpi.jenkins:phoenix-autotest (Maven) Mar 30, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin High
CVE-2022-29045 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API