GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
22,783 advisories
Jenkins Compuware Xpediter Code Coverage Plugin Missing Authorization
Moderate | CVE-2022-36897 was published for com.compuware.jenkins:compuware-xpediter-code-coverage (Maven) | Jul 28, 2022
Jenkins Compuware ISPW Operations Plugin does not perform permission checks in several HTTP endpoints
Moderate | CVE-2022-36898 was published for com.compuware.jenkins:compuware-ispw-operations (Maven) | Jul 28, 2022
Agent-to-controller security bypass in Jenkins BMC Compuware ISPW Operations plugin
Moderate | CVE-2022-36899 was published for com.compuware.jenkins:compuware-ispw-operations (Maven) | Jul 28, 2022
Jenkins Repository Connector Plugin does not perform a permission check in a method implementing form validation
Moderate | CVE-2022-36904 was published for org.jenkins-ci.plugins:repository-connector (Maven) | Jul 28, 2022
Stored XSS vulnerability in Jenkins Maven Metadata Plugin for Jenkins CI server plugin
High | CVE-2022-36905 was published for eu.markov.jenkins.plugin.mvnmeta:maven-metadata-plugin (Maven) | Jul 28, 2022
Jenkins Compuware zAdviser API Plugin vulnerable to protection mechanism failure
Moderate | CVE-2022-36900 was published for com.compuware.jenkins:compuware-zadviser-api (Maven) | Jul 28, 2022
Jenkins Repository Connector Plugin allows attackers with Overall/Read permission to enumerate credentials IDs
Moderate | CVE-2022-36903 was published for org.jenkins-ci.plugins:repository-connector (Maven) | Jul 28, 2022
Jenkins HTTP Request Plugin stores HTTP Request passwords unencrypted
Low | CVE-2022-36901 was published for org.jenkins-ci.plugins:http_request (Maven) | Jul 28, 2022
Missing permission check in Jenkins OpenShift Deployer Plugin
Moderate | CVE-2022-36907 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) | Jul 28, 2022
Lucene-Search Plugin does not perform permission checks in several HTTP endpoints
Moderate | CVE-2022-36910 was published for org.jenkins-ci.plugins:lucene-search (Maven) | Jul 28, 2022
Jenkins Android Signing Plugin allows attackers to check whether attacker-specified file patterns match workspace contents
Moderate | CVE-2022-36915 was published for org.jenkins-ci.plugins:android-signing (Maven) | Jul 28, 2022
Jenkins Files Found Trigger Plugin allows attackers to check for existence of attacker-specified file path on Jenkins controller file system
Moderate | CVE-2022-36914 was published for org.jenkins-ci.plugins:files-found-trigger (Maven) | Jul 28, 2022
Jenkins Openstack Heat Plugin does not perform permission checks in methods implementing form validation
Moderate | CVE-2022-36913 was published for org.jenkins-ci.plugins:openstack-heat (Maven) | Jul 28, 2022
Jenkins Buckminster Plugin does not perform a permission check in a method implementing form validation
Moderate | CVE-2022-36918 was published for org.jenkins-ci.plugins:buckminster (Maven) | Jul 28, 2022
Jenkins Google Cloud Backup Plugin allows attackers with Overall/Read permission to request a manual backup.
Moderate | CVE-2022-36917 was published for org.jenkins-ci.plugins:google-cloud-backup (Maven) | Jul 28, 2022
Jenkins Coverity Plugin allows attackers with Overall/Read permission to enumerate credentials IDs
Moderate | CVE-2022-36919 was published for org.jenkins-ci.plugins:coverity (Maven) | Jul 28, 2022
Jenkins Lucene-Search Plugin vulnerable to reflected (XSS) cross-site scripting
High | CVE-2022-36922 was published for org.jenkins-ci.plugins:lucene-search (Maven) | Jul 28, 2022
Jenkins Deployer Framework Plugin does not restrict application path of applications when configuring a deployment
Moderate | CVE-2022-36889 was published for org.jenkins-ci.plugins:deployer-framework (Maven) | Jul 28, 2022
Jenkins Deployer Framework Plugin vulnerable to Path Traversal
Moderate | CVE-2022-36890 was published for org.jenkins-ci.plugins:deployer-framework (Maven) | Jul 28, 2022
Missing permission check in Coverity Plugin allows capturing credentials
High | CVE-2022-36921 was published for org.jenkins-ci.plugins:coverity (Maven) | Jul 28, 2022
CSRF vulnerability in Jenkins Google Cloud Backup Plugin
Moderate | CVE-2022-36916 was published for org.jenkins-ci.plugins:google-cloud-backup (Maven) | Jul 28, 2022
CSRF vulnerability in Jenkins openstack-heat Plugin
Moderate | CVE-2022-36911 was published for org.jenkins-ci.plugins:openstack-heat (Maven) | Jul 28, 2022
Missing permission checks in Jenkins openstack-heat Plugin
Moderate | CVE-2022-36912 was published for org.jenkins-ci.plugins:openstack-heat (Maven) | Jul 28, 2022
Jenkins Coverity Plugin vulnerable to cross-site request forgery (CSRF)
High | CVE-2022-36920 was published for org.jenkins-ci.plugins:coverity (Maven) | Jul 28, 2022
Missing permission check in Jenkins OpenShift Deployer Plugin
Moderate | CVE-2022-36909 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) | Jul 28, 2022
ProTip! Advisories are also available from the GraphQL API