Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
45
Go
3,196
Maven
5,000+
npm
5,000+
NuGet
864
pip
4,483
Pub
12
RubyGems
992
Rust
1,186
Swift
51
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Loading
Improper permission checks in Jenkins Copy Artifact Plugin Moderate
CVE-2020-2183 was published for org.jenkins-ci.plugins:copyartifact (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2202 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins upstream cause High
CVE-2020-2221 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins 'keep forever' badge icon High
CVE-2020-2222 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2020-2289 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Active Choices Plugin Moderate
CVE-2020-2290 was published for org.biouno:uno-choice (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Jenkins Cross-site Scripting vulnerability in project naming strategy High
CVE-2020-2230 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Request logging bypass in Jenkins Audit Trail Plugin Moderate
CVE-2020-2287 was published for org.jenkins-ci.plugins:audit-trail (Maven) Feb 10, 2022
NotMyFault Credited to NotMyFault
CSRF vulnerability in Jenkins Configuration Slicing Plugin High
CVE-2021-21617 was published for org.jenkins-ci.plugins:configurationslicing (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials Moderate
CVE-2021-21664 was published for com.xebialabs.deployit.ci:deployit-plugin (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Matrix Authorization Strategy Plugin High
CVE-2020-2226 was published for org.jenkins-ci.plugins:matrix-auth (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin High
CVE-2020-2225 was published for org.jenkins-ci.plugins:matrix-project (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Redgate SQL Change Automation Plugin stored credentials in plain text Moderate
CVE-2020-2095 was published for com.redgate.plugins.redgatesqlci:redgate-sql-ci (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Improper permission checks in Jenkins Swarm Plugin Moderate
CVE-2020-2191 was published for org.jenkins-ci.plugins:swarm (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration Low
CVE-2020-2114 was published for org.jenkins-ci.plugins:s3 (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
CSRF vulnerability in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2093 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
CSRF vulnerability in Amazon EC2 Plugin Low
CVE-2020-2186 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Improper Authentication (empty password) in Jenkins Active Directory Plugin Critical
CVE-2020-2300 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
westonsteimel Credited to westonsteimel and NotMyFault NotMyFault NotMyFault
Missing permission check in Blue Ocean Plugin Moderate
CVE-2020-2255 was published for io.jenkins.blueocean:blueocean (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Pipeline Maven Integration Plugin via unescaped display name High
CVE-2020-2256 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Stored XSS vulnerability in Jenkins Yet Another Build Visualizer Plugin High
CVE-2020-2236 was published for com.axis.system.jenkins.plugins.downstream:yet-another-build-visualizer (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Missing permission checks in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2094 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
Missing permission check in Jenkins Implied Labels Plugin allows reconfiguring the plugin Moderate
CVE-2020-2282 was published for org.jenkins-ci.plugins:implied-labels (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
CSRF vulnerability in Mac Plugin Moderate
CVE-2020-2147 was published for fr.edf.jenkins.plugins:mac (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
CSRF vulnerability in Jenkins Active Directory Plugin Moderate
CVE-2020-2303 was published for org.jenkins-ci.plugins:active-directory (Maven) May 24, 2022
NotMyFault Credited to NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database