GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

624 advisories

Agent-to-controller access control allows reading/writing most content of build directories in Jenkins Critical
CVE-2021-21697 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Credited to NotMyFault
Path traversal vulnerability in Jenkins Subversion Plugin allows reading arbitrary files Moderate
CVE-2021-21698 was published for org.jenkins-ci.plugins:subversion (Maven) May 24, 2022
Credited to NotMyFault
Improper handling of equivalent directory names on Windows in Jenkins Moderate
CVE-2021-21682 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Credited to NotMyFault
Jenkins SAML Plugin allows bypassing CSRF protection for any URL High
CVE-2021-21678 was published for org.jenkins-ci.plugins:saml (Maven) May 24, 2022
Credited to NotMyFault
XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin High
CVE-2021-21642 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
Credited to NotMyFault
Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs Moderate
CVE-2021-21645 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
Credited to NotMyFault
Missing permission check in Jenkins CloudBees CD Plugin allows scheduling builds Moderate
CVE-2021-21647 was published for org.jenkins-ci.plugins:electricflow (Maven) May 24, 2022
Credited to NotMyFault and westonsteimel
XXE vulnerability in Jenkins Generic Webhook Trigger Plugin Critical
CVE-2021-21669 was published for org.jenkins-ci.plugins:generic-webhook-trigger (Maven) May 24, 2022
Credited to westonsteimel and NotMyFault
CSRF vulnerability in Jenkins promoted builds Plugin Moderate
CVE-2021-21641 was published for org.jenkins-ci.plugins:promoted-builds (Maven) May 24, 2022
Credited to NotMyFault
RCE vulnerability in Jenkins Code Coverage API Plugin High
CVE-2021-21677 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
Credited to NotMyFault
Missing permission check in Jenkins requests-plugin Plugin allows viewing pending requests Moderate
CVE-2021-21674 was published for org.jenkins-ci.plugins:requests (Maven) May 24, 2022
Credited to NotMyFault
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items Moderate
CVE-2021-21623 was published for org.jenkins-ci.plugins:matrix-auth (Maven) May 24, 2022
Credited to NotMyFault
Missing permission checks in Jenkins OWASP Dependency-Track Plugin allow capturing credentials Moderate
CVE-2021-21632 was published for org.jenkins-ci.plugins:dependency-track (Maven) May 24, 2022
Credited to NotMyFault
Missing permission check in Jenkins Cloud Statistics Plugin Moderate
CVE-2021-21631 was published for org.jenkins-ci.plugins:cloud-stats (Maven) May 24, 2022
Credited to NotMyFault
Stored XSS vulnerability in Jenkins Extra Columns Plugin Moderate
CVE-2021-21630 was published for org.jenkins-ci.plugins:extra-columns (Maven) May 24, 2022
Credited to NotMyFault
Stored XSS vulnerability in Jenkins Artifact Repository Parameter Plugin Moderate
CVE-2021-21622 was published for io.jenkins.plugins:artifact-repository-parameter (Maven) May 24, 2022
Credited to NotMyFault
Support bundles can include user session IDs in Jenkins Support Core Plugin Low
CVE-2021-21621 was published for org.jenkins-ci.plugins:support-core (Maven) May 24, 2022
Credited to NotMyFault
Insufficiently Protected Credentials in Jenkins Pipeline SCM API for Blue Ocean Plugin Moderate
CVE-2022-30952 was published for io.jenkins.blueocean:blueocean-pipeline-scm-api (Maven) May 18, 2022
Credited to NotMyFault
Path traversal in Jenkins REPO Plugin Low
CVE-2022-30949 was published for org.jenkins-ci.plugins:git (Maven) May 18, 2022
Credited to NotMyFault
Arbitrary file read vulnerability in workspace browsers in Jenkins Moderate
CVE-2021-21602 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Credited to NotMyFault
XSS vulnerability in Jenkins notification bar Moderate
CVE-2021-21603 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Credited to NotMyFault
XXE vulnerability in Jenkins Visualworks Store Plugin Moderate
CVE-2020-2315 was published for org.jenkins-ci.plugins:visualworks-store (Maven) May 24, 2022
Credited to NotMyFault
Missing permission check in Jenkins AWS Global Configuration Plugin allows replacing plugin configuration Moderate
CVE-2020-2311 was published for io.jenkins.plugins:aws-global-configuration (Maven) May 24, 2022
Credited to NotMyFault
Missing permission checks in Jenkins Ansible Plugin allow enumerating credentials IDs Moderate
CVE-2020-2310 was published for org.jenkins-ci.plugins:ansible (Maven) May 24, 2022
Credited to NotMyFault
Improper handling of REST API XML deserialization errors in Jenkins High
CVE-2021-21604 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
Credited to NotMyFault