GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

22,719 advisories

Jenkins GitHub plugin uses weak webhook signature function Low
CVE-2022-36885 was published for com.coravy.hudson.plugins.github:github (Maven) Jul 28, 2022
westonsteimel NotMyFault
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests Moderate
CVE-2022-36888 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jul 28, 2022
NotMyFault
Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints Moderate
CVE-2022-36887 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36882 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Jenkins Git client plugin 3.11.0 does not perform SSH host key verification Moderate
CVE-2022-36881 was published for org.jenkins-ci.plugins:git-client (Maven) Jul 28, 2022
NotMyFault
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36884 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36883 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted Low
CVE-2022-36901 was published for org.jenkins-ci.plugins:http_request (Maven) Jul 28, 2022
NotMyFault
Arbitrary file write vulnerability in Jenkins CLIF Performance Testing plugin High
CVE-2022-36894 was published for org.jenkins-ci.plugins:clif-performance-testing (Maven) Jul 28, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin Moderate
CVE-2022-36899 was published for com.compuware.jenkins:compuware-ispw-operations (Maven) Jul 28, 2022
NotMyFault
Jenkins Coverity Plugin allows attackers with Overall/Read permission to enumerate credentials IDs Moderate
CVE-2022-36919 was published for org.jenkins-ci.plugins:coverity (Maven) Jul 28, 2022
Jenkins Repository Connector Plugin allows attackers with Overall/Read permission to enumerate credentials IDs Moderate
CVE-2022-36903 was published for org.jenkins-ci.plugins:repository-connector (Maven) Jul 28, 2022
Stored XSS vulnerability in Jenkins Dynamic Extended Choice Parameter plugin High
CVE-2022-36902 was published for com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter (Maven) Jul 28, 2022
NotMyFault
Jenkins Deployer Framework Plugin vulnerable to Path Traversal Moderate
CVE-2022-36890 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints Moderate
CVE-2022-36898 was published for com.compuware.jenkins:compuware-ispw-operations (Maven) Jul 28, 2022
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment Moderate
CVE-2022-36889 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
NotMyFault
Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization Moderate
CVE-2022-36897 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) Jul 28, 2022
Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure Moderate
CVE-2022-36900 was published for com.compuware.jenkins:compuware-zadviser-api (Maven) Jul 28, 2022
Jenkins Compuware Source Code Download is missing authorization Moderate
CVE-2022-36896 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) Jul 28, 2022
NotMyFault
Jenkins Repository Connector Plugin does not perform a permission check in a method implementing form validation Moderate
CVE-2022-36904 was published for org.jenkins-ci.plugins:repository-connector (Maven) Jul 28, 2022
Jenkins Files Found Trigger Plugin allows attackers to check for existence of attacker-specified file path on Jenkins controller file system Moderate
CVE-2022-36914 was published for org.jenkins-ci.plugins:files-found-trigger (Maven) Jul 28, 2022
Jenkins rpmsign-plugin does not perform a permission check in a method implementing form validation Moderate
CVE-2022-36893 was published for org.jenkins-ci.plugins:rpmsign-plugin (Maven) Jul 28, 2022
Jenkins Deployer Framework Plugin allows attackers with Item/Read permission to read deployment logs Moderate
CVE-2022-36891 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
Jenkins Compuware Topaz Utilities Plugin is missing authorization Moderate
CVE-2022-36895 was published for com.compuware.jenkins:compuware-topaz-utilities (Maven) Jul 28, 2022
Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin High
CVE-2022-36905 was published for eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin (Maven) Jul 28, 2022
NotMyFault