GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,968
Erlang: 39
GitHub Actions: 38
Go: 2,616
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,040
Pub: 12
RubyGems: 953
Rust: 1,050
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

624 advisories
                    
FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
Moderate
CVE-2023-35925 was published for com.fastasyncworldedit:FastAsyncWorldEdit-Bukkit (Maven) on Jun 22, 2023
                    
Stored XSS vulnerability in Jenkins Checkmarx Plugin
High
CVE-2022-46684 was published for com.checkmarx.jenkins:checkmarx (Maven) on Dec 12, 2022
                    
Jenkins NS-ND Integration Performance Publisher Plugin disables SSL/TLS certificate validation globally and unconditionally
Moderate
CVE-2022-45391 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) on Nov 16, 2022
                    
XXE vulnerability on agents in Jenkins OSF Builder Suite : : XML Linter Plugin
Moderate
CVE-2022-45397 was published for org.jenkins-ci:update-center2 (Maven) on Nov 16, 2022
                    
XXE vulnerability in Jenkins JAPEX Plugin
High
CVE-2022-45400 was published for org.jvnet.hudson.plugins:japex (Maven) on Nov 16, 2022
                    
Plaintext Storage of a Password in Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-45392 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) on Nov 16, 2022
                    
XML External Entity Reference in Jenkins CCCC Plugin
Critical
CVE-2022-45395 was published for com.thalesgroup.jenkins-ci.plugins:cccc (Maven) on Nov 16, 2022
                    
Cross-Site Request Forgery in Jenkins Cluster Statistics Plugin
Moderate
CVE-2022-45398 was published for org.zeroturnaround:cluster-stats (Maven) on Nov 16, 2022
                    
Jenkins Reverse Proxy Auth Plugin vulnerable due to plaintext storage of passwords
Moderate
CVE-2022-45384 was published for org.jenkins-ci.main:reverse-proxy-auth-plugin (Maven) on Nov 16, 2022
                    
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs
Moderate
CVE-2022-45390 was published for io.loader:loaderio-jenkins-plugin (Maven) on Nov 16, 2022
                    
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin
Moderate
CVE-2022-45385 was published for org.jenkins-ci.plugins:dockerhub-notification (Maven) on Nov 16, 2022
                    
XXE vulnerability on agents in Jenkins SourceMonitor Plugin
Moderate
CVE-2022-45396 was published for com.thalesgroup.hudson.plugins:sourcemonitor (Maven) on Nov 16, 2022
                    
Jenkins BART Plugin vulnerable to cross-site scripting (XSS)
High
CVE-2022-45387 was published for org.jenkins-ci.plugins:bart (Maven) on Nov 16, 2022
                    
XML External Entity Reference in Jenkins Violations Plugin
Moderate
CVE-2022-45386 was published for org.jenkins-ci.plugins:violations (Maven) on Nov 16, 2022
                    
Jenkins Associated Files Plugin vulnerable to cross-site scripting (XSS)
High
CVE-2022-45401 was published for org.jenkins-ci.main:associated-files-plugin (Maven) on Nov 16, 2022
                    
Missing permission check in Jenkins Delete log Plugin
Moderate
CVE-2022-45394 was published for org.jenkins-ci.plugins:delete-log-plugin (Maven) on Nov 16, 2022
                    
Cross-Site Request Forgery in Jenkins Delete log Plugin
Moderate
CVE-2022-45393 was published for org.jenkins-ci.plugins:delete-log-plugin (Maven) on Nov 16, 2022
                    
Jenkins Config Rotator Plugin vulnerable to path traversal
High
CVE-2022-45388 was published for org.jenkins-ci.main:config-rotator (Maven) on Nov 16, 2022
                    
Cross-site Scripting in Jenkins Naginator Plugin
Moderate
CVE-2022-45382 was published for org.jenkins-ci.plugins:naginator (Maven) on Nov 16, 2022
                    
Incorrect permission checks in Jenkins Support Core Plugin
Moderate
CVE-2022-45383 was published for org.jenkins-ci.plugins:support-core (Maven) on Nov 16, 2022
                    
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
High
CVE-2022-45380 was published for org.jenkins-ci.plugins:junit (Maven) on Nov 16, 2022
                    
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
High
CVE-2022-45381 was published for org.jenkins-ci.plugins:pipeline-utility-steps (Maven) on Nov 16, 2022
                    
SSL/TLS certificate validation unconditionally disabled by Jenkins NS-ND Integration Performance Publisher Plugin
Moderate
CVE-2022-38666 was published for org.jenkins-ci.main:cavisson-ns-nd-integration (Maven) on Nov 16, 2022
                    
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
High
CVE-2022-45379 was published for org.jenkins-ci.plugins:script-security (Maven) on Nov 16, 2022
                    
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin
High
CVE-2022-43407 was published for org.jenkins-ci.plugins:pipeline-input-step (Maven) on Oct 19, 2022
        
ProTip! Advisories are also available from the GraphQL API.