GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

304 advisories

Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials Moderate
CVE-2022-41254 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials Moderate
CVE-2022-41250 was published for com.meowlomo.jenkins:scm-httpclient (Maven) Sep 22, 2022
NotMyFault
Jenkins Apprenda Plugin has Missing Authorization vulnerability Moderate
CVE-2022-41251 was published for org.jenkins-ci.plugins:apprenda (Maven) Sep 22, 2022
Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs Moderate
CVE-2022-41252 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests Moderate
CVE-2022-36888 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jul 28, 2022
NotMyFault
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36883 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Jenkins Compuware Source Code Download is missing authorization Moderate
CVE-2022-36896 was published for com.compuware.jenkins:compuware-scm-downloader (Maven) Jul 28, 2022
NotMyFault
Jenkins Deployer Framework Plugin allows attackers with Item/Read permission to read deployment logs Moderate
CVE-2022-36891 was published for org.jenkins-ci.plugins:deployer-framework (Maven) Jul 28, 2022
Jenkins rhnpush-plugin does not perform a permission check in a method implementing form validation Moderate
CVE-2022-36892 was published for org.jenkins-ci.plugins:rhnpush-plugin (Maven) Jul 28, 2022
Jenkins rpmsign-plugin does not perform a permission check in a method implementing form validation Moderate
CVE-2022-36893 was published for org.jenkins-ci.plugins:rpmsign-plugin (Maven) Jul 28, 2022
Jenkins Compuware Topaz Utilities Plugin is missing authorization Moderate
CVE-2022-36895 was published for com.compuware.jenkins:compuware-topaz-utilities (Maven) Jul 28, 2022
Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints Moderate
CVE-2022-36898 was published for com.compuware.jenkins:compuware-ispw-operations (Maven) Jul 28, 2022
Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization Moderate
CVE-2022-36897 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) Jul 28, 2022
Jenkins Repository Connector Plugin allows attackers with Overall/Read permission to enumerate credentials IDs Moderate
CVE-2022-36903 was published for org.jenkins-ci.plugins:repository-connector (Maven) Jul 28, 2022
Jenkins Repository Connector Plugin does not perform a permission check in a method implementing form validation Moderate
CVE-2022-36904 was published for org.jenkins-ci.plugins:repository-connector (Maven) Jul 28, 2022
Lucene-Search Plugin does not perform permission checks in several HTTP endpoints Moderate
CVE-2022-36910 was published for org.jenkins-ci.plugins:lucene-search (Maven) Jul 28, 2022
Jenkins Openstack Heat Plugin does not perform permission checks in methods implementing form validation Moderate
CVE-2022-36913 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
Jenkins Files Found Trigger Plugin allows attackers to check for existence of attacker-specified file path on Jenkins controller file system Moderate
CVE-2022-36914 was published for org.jenkins-ci.plugins:files-found-trigger (Maven) Jul 28, 2022
Jenkins Android Signing Plugin allows attackers to check whether attacker-specified file patterns match workspace contents Moderate
CVE-2022-36915 was published for org.jenkins-ci.plugins:android-signing (Maven) Jul 28, 2022
Jenkins Coverity Plugin allows attackers with Overall/Read permission to enumerate credentials IDs Moderate
CVE-2022-36919 was published for org.jenkins-ci.plugins:coverity (Maven) Jul 28, 2022
Jenkins Buckminster Plugin does not perform a permission check in a method implementing form validation Moderate
CVE-2022-36918 was published for org.jenkins-ci.plugins:buckminster (Maven) Jul 28, 2022
Jenkins Google Cloud Backup Plugin allows attackers with Overall/Read permission to request a manual backup. Moderate
CVE-2022-36917 was published for org.jenkins-ci.plugins:google-cloud-backup (Maven) Jul 28, 2022
Missing permission check in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36907 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
Missing permission checks in Jenkins openstack-heat Plugin Moderate
CVE-2022-36912 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
Missing permission check in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36909 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault