Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

155 advisories

Loading
archivy is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
CVE-2021-4162 was published for archivy (pip) Jan 6, 2022
westonsteimel
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
Stored XSS vulnerability in Jenkins Badge Plugin Moderate
CVE-2022-23108 was published for org.jenkins-ci.plugins:badge (Maven) Jan 13, 2022
westonsteimel
Access key stored in plain text by Jenkins Metrics Plugin Moderate
CVE-2022-20621 was published for org.jenkins-ci.plugins:metrics (Maven) Jan 13, 2022
westonsteimel
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
Cross-Site Request Forgery in Jenkins Bitbucket Branch Source Plugin High
CVE-2022-20619 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin Moderate
CVE-2022-20618 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin Moderate
CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jan 13, 2022
NotMyFault westonsteimel
secjoker
OS command execution vulnerability in Jenkins Docker Commons Plugin High
CVE-2022-20617 was published for org.jenkins-ci.plugins:docker-commons (Maven) Jan 13, 2022
westonsteimel
Cross-Site Request Forgery in Jenkins Mailer Plugin Moderate
CVE-2022-20613 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
NotMyFault westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin Moderate
CVE-2022-20614 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
westonsteimel
Stored XSS vulnerability in Matrix Project Plugin Moderate
CVE-2022-20615 was published for org.jenkins-ci.plugins:matrix-project (Maven) Jan 13, 2022
westonsteimel
Path Traversal in Jenkins Warnings Next Generation Plugin High
CVE-2022-23107 was published for io.jenkins.plugins:warnings-ng (Maven) Jan 21, 2022
westonsteimel
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin Low
CVE-2022-23106 was published for io.jenkins:configuration-as-code (Maven) Jan 21, 2022
NotMyFault westonsteimel
Incorrect Default Permissions in Apache Tomcat High
CVE-2020-8022 was published for org.apache.tomcat:tomcat (Maven) Feb 9, 2022 withdrawn
westonsteimel
HashiCorp Nomad Artifact Download Race Condition Moderate
CVE-2022-24686 was published for github.com/hashicorp/nomad (Go) Feb 15, 2022
westonsteimel
CSRF vulnerability in Jenkins autonomiq plugin High
CVE-2022-25194 was published for io.jenkins.plugins:autonomiq (Maven) Feb 16, 2022
westonsteimel NotMyFault
Missing permission check in Jenkins autonomiq Plugin Moderate
CVE-2022-25195 was published for io.jenkins.plugins:autonomiq (Maven) Feb 16, 2022
westonsteimel
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin Moderate
CVE-2022-25178 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
westonsteimel
Link Following in Jenkins Pipeline Multibranch Plugin Moderate
CVE-2022-25179 was published for org.jenkins-ci.plugins.workflow:workflow-multibranch (Maven) Feb 16, 2022
westonsteimel
Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin Moderate
CVE-2022-25176 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
westonsteimel
Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin Moderate
CVE-2022-25177 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
westonsteimel
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin High
CVE-2022-25174 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
westonsteimel
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin High
CVE-2022-25173 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database