Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,449
Erlang
29
GitHub Actions
16
Go
1,669
Maven
4,929
npm
3,464
NuGet
595
pip
2,880
Pub
10
RubyGems
824
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

335 advisories

FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption Moderate
CVE-2023-35925 was published for com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit (Maven) Jun 22, 2023
SuperMonis dordsor21
NotMyFault
Cross-Site Request Forgery in Jenkins Delete log Plugin Moderate
CVE-2022-45393 was published for org.jenkins-ci.plugins:delete-log-plugin (Maven) Nov 16, 2022
NotMyFault
Missing permission check in Jenkins Delete log Plugin Moderate
CVE-2022-45394 was published for org.jenkins-ci.plugins:delete-log-plugin (Maven) Nov 16, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin Moderate
CVE-2022-45392 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally Moderate
CVE-2022-45391 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault
XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin Moderate
CVE-2022-45397 was published for org.jenkins-ci:update-center2 (Maven) Nov 16, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Cluster Statistics Plugin Moderate
CVE-2022-45398 was published for org.zeroturnaround:cluster-stats (Maven) Nov 16, 2022
NotMyFault
XXE vulnerability on agents in Jenkins SourceMonitor Plugin Moderate
CVE-2022-45396 was published for com.thalesgroup.hudson.plugins:sourcemonitor (Maven) Nov 16, 2022
NotMyFault
XML External Entity Reference in Jenkins Violations Plugin Moderate
CVE-2022-45386 was published for org.jenkins-ci.plugins:violations (Maven) Nov 16, 2022
NotMyFault
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords Moderate
CVE-2022-45384 was published for org.jenkins-ci.main:reverse-proxy-auth-plugin (Maven) Nov 16, 2022
NotMyFault
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs Moderate
CVE-2022-45390 was published for io.loader:loaderio-jenkins-plugin (Maven) Nov 16, 2022
NotMyFault
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin Moderate
CVE-2022-45385 was published for org.jenkins-ci.plugins:dockerhub-notification (Maven) Nov 16, 2022
NotMyFault
Cross-site Scripting in Jenkins Naginator Plugin Moderate
CVE-2022-45382 was published for org.jenkins-ci.plugins:naginator (Maven) Nov 16, 2022
NotMyFault
Incorrect permission checks in Jenkins Support Core Plugin Moderate
CVE-2022-45383 was published for org.jenkins-ci.plugins:support-core (Maven) Nov 16, 2022
NotMyFault
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin Moderate
CVE-2022-38666 was published for org.jenkins-ci.main:cavisson-ns-nd-integration (Maven) Nov 16, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins Compuware Xpediter Code Coverage Plugin Moderate
CVE-2022-43424 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin Moderate
CVE-2022-43423 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) Oct 19, 2022
NotMyFault
Agent-to-controller security bypass vulnerability in Jenkins Compuware Topaz Utilities Plugin Moderate
CVE-2022-43422 was published for com.compuware.jenkins:compuware-topaz-utilities (Maven) Oct 19, 2022
NotMyFault
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials Moderate
CVE-2022-43417 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault
CSRF vulnerability in Jenkins Katalon Plugin allows capturing credentials Moderate
CVE-2022-43418 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault
Webhook endpoint discloses job names to unauthorized users in Jenkins Mercurial Plugin Moderate
CVE-2022-43410 was published for org.jenkins-ci.plugins:mercurial (Maven) Oct 19, 2022
NotMyFault
API keys stored in plain text by Jenkins Katalon Plugin Moderate
CVE-2022-43419 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault tdunlap607
Missing hostname validation in Jenkins View26 Test-Reporting Plugin Moderate
CVE-2022-41244 was published for org.jenkins-ci.plugins:view26 (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability and mM Moderate
CVE-2022-41246 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization Moderate
CVE-2022-41228 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Sep 22, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API