GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
161 advisories
Apache Geronimo console 1.0 vulnerable to cross-site scripting
Moderate
CVE-2006-0254
was published
for
geronimo:geronimo-console-standard
(Maven)
May 1, 2022
Multiple cross-site scripting (XSS) vulnerabilities in Roundup
Moderate
CVE-2012-6133
was published
for
roundup
(pip)
Apr 23, 2022
Cross-site scripting in markdown2 for python
Moderate
CVE-2009-3724
was published
for
markdown2
(pip)
Apr 21, 2022
Stored XSS in Jenkins CVS Plugin
Moderate
CVE-2022-29037
was published
for
org.jenkins-ci.plugins:cvs
(Maven)
Apr 13, 2022
Stored XSS vulnerability in Jenkins Git Parameter Plugin
Moderate
CVE-2022-29040
was published
for
org.jenkins-ci.tools:git-parameter
(Maven)
Apr 13, 2022
Missing permission checks in Jenkins Publish Over FTP Plugin
Moderate
CVE-2022-29051
was published
for
org.jenkins-ci.plugins:publish-over-ftp
(Maven)
Apr 13, 2022
CSRF vulnerability in Jenkins Publish Over FTP Plugin
High
CVE-2022-29050
was published
for
org.jenkins-ci.plugins:publish-over-ftp
(Maven)
Apr 13, 2022
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL
High
CVE-2022-29049
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
Apr 13, 2022
XXE vulnerability in Jenkins Flaky Test Handler Plugin
High
CVE-2022-28140
was published
for
org.jenkins-ci.plugins:flaky-test-handler
(Maven)
Mar 30, 2022
golang.org/x/crypto/ssh Denial of service via crafted Signer
High
CVE-2022-27191
was published
for
golang.org/x/crypto
(Go)
Mar 19, 2022
Nomad Spread Job Stanza May Trigger Panic in Servers
Moderate
CVE-2022-24684
was published
for
github.com/hashicorp/nomad
(Go)
Feb 16, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Groovy Plugin
High
CVE-2022-25173
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
Improper Neutralization of Special Elements used in an OS Command in Jenkins Pipeline: Shared Groovy Libraries Plugin
High
CVE-2022-25174
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin
Moderate
CVE-2022-25177
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin
Moderate
CVE-2022-25176
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
Feb 16, 2022
Link Following in Jenkins Pipeline Multibranch Plugin
Moderate
CVE-2022-25179
was published
for
org.jenkins-ci.plugins.workflow:workflow-multibranch
(Maven)
Feb 16, 2022
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin
Moderate
CVE-2022-25178
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
Feb 16, 2022
Jenkins Support Core Plugin stores sensitive data in plain text
Moderate
CVE-2022-25187
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Feb 16, 2022
Missing permission check in Jenkins autonomiq Plugin
Moderate
CVE-2022-25195
was published
for
io.jenkins.plugins:autonomiq
(Maven)
Feb 16, 2022
CSRF vulnerability in Jenkins autonomiq plugin
High
CVE-2022-25194
was published
for
io.jenkins.plugins:autonomiq
(Maven)
Feb 16, 2022
HashiCorp Nomad Artifact Download Race Condition
Moderate
CVE-2022-24686
was published
for
github.com/hashicorp/nomad
(Go)
Feb 15, 2022
Incorrect Default Permissions in Apache Tomcat
High
CVE-2020-8022
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 9, 2022
•
withdrawn
Observable Discrepancy and Observable Timing Discrepancy in Jenkins Configuration as Code Plugin
Low
CVE-2022-23106
was published
for
io.jenkins:configuration-as-code
(Maven)
Jan 21, 2022
Path Traversal in Jenkins Warnings Next Generation Plugin
High
CVE-2022-23107
was published
for
io.jenkins.plugins:warnings-ng
(Maven)
Jan 21, 2022
Stored XSS vulnerability in Matrix Project Plugin
Moderate
CVE-2022-20615
was published
for
org.jenkins-ci.plugins:matrix-project
(Maven)
Jan 13, 2022
ProTip!
Advisories are also available from the
GraphQL API