GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
300 advisories
Jenkins Apprenda Plugin has Missing Authorization vulnerability
Moderate. CVE-2022-41251 was published for org.jenkins-ci.plugins:apprenda (Maven) on Sep 22, 2022.

Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate. CVE-2022-36883 was published for org.jenkins-ci.plugins:git (Maven) on Jul 28, 2022.

Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests
Moderate. CVE-2022-36888 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) on Jul 28, 2022.

Missing permission checks in Jenkins openstack-heat Plugin
Moderate. CVE-2022-36912 was published for org.jenkins-ci.plugins:openstack-heat (Maven) on Jul 28, 2022.

Missing permission check in Jenkins OpenShift Deployer Plugin
Moderate. CVE-2022-36909 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) on Jul 28, 2022.

Lucene-Search Plugin does not perform permission checks in several HTTP endpoints
Moderate. CVE-2022-36910 was published for org.jenkins-ci.plugins:lucene-search (Maven) on Jul 28, 2022.

Jenkins Android Signing Plugin allows attackers to check whether attacker-specified file patterns match workspace contents
Moderate. CVE-2022-36915 was published for org.jenkins-ci.plugins:android-signing (Maven) on Jul 28, 2022.

Jenkins Repository Connector Plugin does not perform a permission check in a method implementing form validation
Moderate. CVE-2022-36904 was published for org.jenkins-ci.plugins:repository-connector (Maven) on Jul 28, 2022.

Jenkins Coverity Plugin allows attackers with Overall/Read permission to enumerate credentials IDs
Moderate. CVE-2022-36919 was published for org.jenkins-ci.plugins:coverity (Maven) on Jul 28, 2022.

Jenkins Repository Connector Plugin allows attackers with Overall/Read permission to enumerate credentials IDs
Moderate. CVE-2022-36903 was published for org.jenkins-ci.plugins:repository-connector (Maven) on Jul 28, 2022.

Jenkins Openstack Heat Plugin does not perform permission checks in methods implementing form validation
Moderate. CVE-2022-36913 was published for org.jenkins-ci.plugins:openstack-heat (Maven) on Jul 28, 2022.

Jenkins Buckminster Plugin does not perform a permission check in a method implementing form validation
Moderate. CVE-2022-36918 was published for org.jenkins-ci.plugins:buckminster (Maven) on Jul 28, 2022.

Jenkins Files Found Trigger Plugin allows attackers to check for existence of attacker-specified file path on Jenkins controller file system
Moderate. CVE-2022-36914 was published for org.jenkins-ci.plugins:files-found-trigger (Maven) on Jul 28, 2022.

Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization
Moderate. CVE-2022-36897 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) on Jul 28, 2022.

Jenkins Deployer Framework Plugin allows attackers with Item/Read permission to read deployment logs
Moderate. CVE-2022-36891 was published for org.jenkins-ci.plugins:deployer-framework (Maven) on Jul 28, 2022.

Jenkins Google Cloud Backup Plugin allows attackers with Overall/Read permission to request a manual backup.
Moderate. CVE-2022-36917 was published for org.jenkins-ci.plugins:google-cloud-backup (Maven) on Jul 28, 2022.

Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints
Moderate. CVE-2022-36898 was published for com.compuware.jenkins:compuware-ispw-operations (Maven) on Jul 28, 2022.

Jenkins rhnpush-plugin does not perform a permission check in a method implementing form validation
Moderate. CVE-2022-36892 was published for org.jenkins-ci.plugins:rhnpush-plugin (Maven) on Jul 28, 2022.

Jenkins rpmsign-plugin does not perform a permission check in a method implementing form validation
Moderate. CVE-2022-36893 was published for org.jenkins-ci.plugins:rpmsign-plugin (Maven) on Jul 28, 2022.

Jenkins Compuware Topaz Utilities Plugin is missing authorization
Moderate. CVE-2022-36895 was published for com.compuware.jenkins:compuware-topaz-utilities (Maven) on Jul 28, 2022.

Jenkins Compuware Source Code Download is missing authorization
Moderate. CVE-2022-36896 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) on Jul 28, 2022.

Missing permission check in Jenkins OpenShift Deployer Plugin
Moderate. CVE-2022-36907 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) on Jul 28, 2022.

Jenkins XPath Configuration Viewer Plugin Missing Authorization vulnerability
Moderate. CVE-2022-34813 was published for org.jenkins-ci.plugins:xpath-config-viewer (Maven) on Jul 1, 2022.

Jenkins RQM Plugin allows enumerating credentials IDs due to missing permission check
Moderate. CVE-2022-34810 was published for net.praqma:rqm-plugin (Maven) on Jul 1, 2022.

Jenkins Failed Job Deactivator Plugin Missing Authorization vulnerability
Moderate. CVE-2022-34818 was published for de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator (Maven) on Jul 1, 2022.