Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,741
Erlang
29
GitHub Actions
16
Go
1,710
Maven
4,946
npm
3,474
NuGet
605
pip
3,001
Pub
10
RubyGems
828
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Cross-site Scripting vulnerability in Jenkins High
CVE-2022-34170 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault sunSUNQ
Cross-Site Request Forgery in Jenkins High
CVE-2020-2160 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault sunSUNQ
Stored XSS vulnerability in Jenkins Contrast Continuous Application Security Plugin High
CVE-2022-43420 was published for org.jenkins-ci.plugins:contrast-continuous-application-security (Maven) Oct 19, 2022
NotMyFault
Cross-site Scripting in Jenkins Deployment Dashboard Plugin High
CVE-2022-34795 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion High
CVE-2022-45380 was published for org.jenkins-ci.plugins:junit (Maven) Nov 16, 2022
NotMyFault
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43428 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin High
CVE-2022-43407 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) Oct 19, 2022
NotMyFault
XXE vulnerability in Jenkins Compuware Topaz for Total Test Plugin High
CVE-2022-43430 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins NeuVector Vulnerability Scanner Plugin High
CVE-2022-43434 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Oct 19, 2022
NotMyFault
Jenkins Compuware Common Configuration Plugin vulnerable to Improper Restriction of XML External Entity Reference High
CVE-2022-41226 was published for com.compuware.jenkins:compuware-common-configuration (Maven) Sep 22, 2022
NotMyFault
Jenkins vulnerable to stored cross site scripting in the I:helpIcon component High
CVE-2022-41224 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 22, 2022
NotMyFault
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions High
CVE-2022-45379 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 16, 2022
NotMyFault
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin High
CVE-2022-36894 was published for org.jenkins-ci.plugins:clif-performance-testing (Maven) Jul 28, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin High
CVE-2022-43409 was published for org.jenkins-ci.plugins.workflow:workflow-support (Maven) Oct 19, 2022
NotMyFault
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin High
CVE-2022-45381 was published for org.jenkins-ci.plugins:pipeline-utility-steps (Maven) Nov 16, 2022
NotMyFault
XXE vulnerability in Jenkins REPO Plugin High
CVE-2022-43415 was published for org.jenkins-ci.plugins:repo (Maven) Oct 19, 2022
NotMyFault
Cross-site Scripting in Jenkins Plot Plugin High
CVE-2022-34783 was published for org.jenkins-ci.plugins:plot (Maven) Jul 1, 2022
NotMyFault
Unauthorized view fragment access in Jenkins High
CVE-2022-34175 was published for org.jenkins-ci.main:jenkins-core (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin High
CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
XXE vulnerability in Jenkins OWASP Dependency-Check Plugin High
CVE-2021-43577 was published for org.jenkins-ci.plugins:dependency-check-jenkins-plugin (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Robot Framework Plugin High
CVE-2020-2092 was published for org.jenkins-ci.plugins:robot (Maven) May 24, 2022
NotMyFault
XXE vulnerability in Jenkins Code Coverage API Plugin High
CVE-2020-2172 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Jenkins Yaml Axis Plugin High
CVE-2020-2179 was published for org.jenkins-ci.plugins:yaml-axis (Maven) May 24, 2022
NotMyFault
Jenkins Cross-Site Scripting vulnerability in help icons High
CVE-2020-2229 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Agent-to-controller access control allowed writing to sensitive directory used by Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2021-21696 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API