Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,324
Erlang
31
GitHub Actions
21
Go
2,087
Maven
5,000+
npm
3,751
NuGet
674
pip
3,437
Pub
12
RubyGems
892
Rust
881
Swift
37
Unreviewed advisories
All unreviewed
5,000+

156 advisories

Loading
Stored XSS vulnerability in multiple axis builds tooltips in Jenkins Matrix Project Plugin High
CVE-2020-2225 was published for org.jenkins-ci.plugins:matrix-project (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins 'keep forever' badge icon High
CVE-2020-2222 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins console links High
CVE-2020-2223 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in single axis builds tooltips in Jenkins Matrix Project Plugin High
CVE-2020-2224 was published for org.jenkins-ci.plugins:matrix-project (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins upstream cause High
CVE-2020-2221 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins job build time trend High
CVE-2020-2220 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin High
CVE-2022-30970 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Autocomplete Parameter Plugin High
CVE-2022-30961 was published for org.jenkins-ci.plugins:autocomplete-parameter (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Application Detector Plugin High
CVE-2022-30960 was published for org.jenkins-ci.plugins:app-detector (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Global Variable String Parameter Plugin High
CVE-2022-30962 was published for org.jenkins-ci.plugins:global-variable-string-parameter (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins vboxwrapper Plugin High
CVE-2022-30968 was published for org.jenkins-ci.plugins:vboxwrapper (Maven) May 18, 2022
NotMyFault
Stored Cross-site Scripting vulnerabilities in Jenkins promoted Builds (Simple) plugin providing additional parameter types High
CVE-2022-30965 was published for org.jenkins-ci.plugins:promoted-builds-simple (Maven) May 18, 2022
NotMyFault
Cross site scripting in Jenkins Selection tasks Plugin High
CVE-2022-30967 was published for org.jvnet.hudson.plugins:selection-tasks-plugin (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Multiselect parameter Plugin High
CVE-2022-30964 was published for io.jenkins.plugins:multiselect-parameter (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins JDK Parameter Plugin High
CVE-2022-30963 was published for org.jenkins-ci.plugins:JDK_Parameter_Plugin (Maven) May 18, 2022
NotMyFault
Cross-site Scripting in Jenkins Rundeck Plugin High
CVE-2022-30956 was published for org.jenkins-ci.plugins:rundeck (Maven) May 18, 2022
NotMyFault
Improper Neutralization of Input During Web Page Generation in Apache Tomcat High
CVE-2015-5346 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Stored Cross-site Scripting vulnerability in Jenkins Gerrit Trigger Plugin High
CVE-2022-29039 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) Apr 13, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Promoted Builds Plugin High
CVE-2022-29045 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault
Promotion names in Jenkins promoted builds Plugin are not validated when using Job DSL High
CVE-2022-29049 was published for org.jenkins-ci.plugins:promoted-builds (Maven) Apr 13, 2022
NotMyFault westonsteimel
Cross-site Scripting (XSS) vulnerability in Jenkins Continuous Integration with Toad Edge Plugin High
CVE-2022-28145 was published for org.jenkins-ci.plugins:ci-with-toad-edge (Maven) Mar 30, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Job and Node ownership Plugin High
CVE-2022-28149 was published for com.synopsys.jenkinsci:ownership (Maven) Mar 30, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Extended Choice Parameter Plugin High
CVE-2022-27202 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Environment Dashboard Plugin High
CVE-2022-27213 was published for io.jenkins.plugins:environment-dashboard (Maven) Mar 16, 2022
NotMyFault
Stored Cross-site Scripting vulnerability in Jenkins Custom Checkbox Parameter Plugin High
CVE-2022-25189 was published for io.jenkins.plugins:custom-checkbox-parameter (Maven) Feb 16, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database