GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,339
Composer 4,133
Erlang 29
GitHub Actions 19
Go 1,940
Maven 5,135
npm 3,677
NuGet 645
pip 3,295
Pub 11
RubyGems 877
Rust 830
Swift 35

Unreviewed advisories

All unreviewed 230,907

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

300 advisories

Filter by severity

Sort by

Least recently updated

Jenkins Apprenda Plugin has Missing Authorization vulnerability Moderate

CVE-2022-41251 was published for org.jenkins-ci.plugins:apprenda (Maven) Sep 22, 2022

Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate

CVE-2022-36883 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022

Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests Moderate

CVE-2022-36888 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jul 28, 2022

Missing permission checks in Jenkins openstack-heat Plugin Moderate

CVE-2022-36912 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022

Missing permission check in Jenkins OpenShift Deployer Plugin Moderate

CVE-2022-36909 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022

Lucene-Search Plugin does not perform permission checks in several HTTP endpoints Moderate

CVE-2022-36910 was published for org.jenkins-ci.plugins:lucene-search (Maven) Jul 28, 2022

Jenkins Android Signing Plugin allows attackers to check whether attacker-specified file patterns match workspace contents Moderate

CVE-2022-36915 was published for org.jenkins-ci.plugins:android-signing (Maven) Jul 28, 2022

Jenkins Repository Connector Plugin does not perform a permission check in a method implementing form validation Moderate

CVE-2022-36904 was published for org.jenkins-ci.plugins:repository-connector (Maven) Jul 28, 2022

Jenkins Coverity Plugin allows attackers with Overall/Read permission to enumerate credentials IDs Moderate

CVE-2022-36919 was published for org.jenkins-ci.plugins:coverity (Maven) Jul 28, 2022

Jenkins Repository Connector Plugin allows attackers with Overall/Read permission to enumerate credentials IDs Moderate

CVE-2022-36903 was published for org.jenkins-ci.plugins:repository-connector (Maven) Jul 28, 2022

Jenkins Openstack Heat Plugin does not perform permission checks in methods implementing form validation Moderate

CVE-2022-36913 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022

Jenkins Buckminster Plugin does not perform a permission check in a method implementing form validation Moderate

CVE-2022-36918 was published for org.jenkins-ci.plugins:buckminster (Maven) Jul 28, 2022

Jenkins Files Found Trigger Plugin allows attackers to check for existence of attacker-specified file path on Jenkins controller file system Moderate

CVE-2022-36914 was published for org.jenkins-ci.plugins:files-found-trigger (Maven) Jul 28, 2022

Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization Moderate

CVE-2022-36897 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) Jul 28, 2022

Jenkins Deployer Framework Plugin allows attackers with Item/Read permission to read deployment logs Moderate

CVE-2022-36891 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022

Jenkins Google Cloud Backup Plugin allows attackers with Overall/Read permission to request a manual backup. Moderate

CVE-2022-36917 was published for org.jenkins-ci.plugins:google-cloud-backup (Maven) Jul 28, 2022

Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints Moderate

CVE-2022-36898 was published for com.compuware.jenkins:compuware-ispw-operations (Maven) Jul 28, 2022

Jenkins rhnpush-plugin does not perform a permission check in a method implementing form validation Moderate

CVE-2022-36892 was published for org.jenkins-ci.plugins:rhnpush-plugin (Maven) Jul 28, 2022

Jenkins rpmsign-plugin does not perform a permission check in a method implementing form validation Moderate

CVE-2022-36893 was published for org.jenkins-ci.plugins:rpmsign-plugin (Maven) Jul 28, 2022

Jenkins Compuware Topaz Utilities Plugin is missing authorization Moderate

CVE-2022-36895 was published for com.compuware.jenkins:compuware-topaz-utilities (Maven) Jul 28, 2022

Jenkins Compuware Source Code Download is missing authorization Moderate

CVE-2022-36896 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) Jul 28, 2022

Missing permission check in Jenkins OpenShift Deployer Plugin Moderate

CVE-2022-36907 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022

Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability Moderate

CVE-2022-34813 was published for org.jenkins-ci.plugins:xpath-config-viewer (Maven) Jul 1, 2022

Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check Moderate

CVE-2022-34810 was published for net.praqma:rqm-plugin (Maven) Jul 1, 2022

Jenkins Failed Job Deactivator Plugin Missing Authorization vulnerability Moderate

CVE-2022-34818 was published for de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator (Maven) Jul 1, 2022

Previous 1 2 3 4 5 6 7 … 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

300 advisories