GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
177 advisories
Filter by severity
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-41227
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Sep 22, 2022
CSRF vulnerability in Jenkins Security Inspector plugin
Moderate
CVE-2022-41236
was published
for
org.jenkins-ci.plugins:security-inspector
(Maven)
Sep 22, 2022
CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials
Moderate
CVE-2022-41245
was published
for
org.jenkins-ci.plugins:ws-execution-manager
(Maven)
Sep 22, 2022
Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery
Moderate
CVE-2022-41249
was published
for
com.meowlomo.jenkins:scm-httpclient
(Maven)
Sep 22, 2022
CSRF vulnerability in Jenkins CONS3RT Plugin allow capturing credentials
Moderate
CVE-2022-41253
was published
for
org.jenkins-ci.plugins:cons3rt
(Maven)
Sep 22, 2022
XWiki Cross-Site Request Forgery (CSRF) for actions on tags
Moderate
CVE-2022-36095
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Sep 16, 2022
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp
Moderate
CVE-2022-28731
was published
for
org.apache.jspwiki:jspwiki-main
(Maven)
Aug 5, 2022
Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints
Moderate
CVE-2022-36887
was published
for
org.jenkins-ci.plugins:jobConfigHistory
(Maven)
Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook
Moderate
CVE-2022-36882
was published
for
org.jenkins-ci.plugins:git
(Maven)
Jul 28, 2022
External Monitor Job Type Plugin does not require POST requests for an HTTP endpoint
Moderate
CVE-2022-36886
was published
for
org.jenkins-ci.plugins:external-monitor-job
(Maven)
Jul 28, 2022
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
Moderate
CVE-2022-36906
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
Jul 28, 2022
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
Moderate
CVE-2022-36908
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
Jul 28, 2022
CSRF vulnerability in Jenkins Google Cloud Backup Plugin
Moderate
CVE-2022-36916
was published
for
org.jenkins-ci.plugins:google-cloud-backup
(Maven)
Jul 28, 2022
CSRF vulnerability in Jenkins openstack-heat Plugin
Moderate
CVE-2022-36911
was published
for
org.jenkins-ci.plugins:openstack-heat
(Maven)
Jul 28, 2022
Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin
Moderate
CVE-2022-34815
was published
for
org.jenkins-ci.plugins:rrod
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin
Moderate
CVE-2022-34812
was published
for
org.jenkins-ci.plugins:xpath-config-viewer
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin
Moderate
CVE-2022-34817
was published
for
de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator
(Maven)
Jul 1, 2022
Jenkins Matrix Reloaded Plugin vulnerable to CSRF
Moderate
CVE-2022-34789
was published
for
net.praqma:matrix-reloaded
(Maven)
Jul 1, 2022
CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials
Moderate
CVE-2022-34780
was published
for
com.xebialabs.ci:xlrelease-plugin
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin
Moderate
CVE-2022-34797
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Cross-Site Request Forgery in Jenkins ThreadFix Plugin
Moderate
CVE-2022-34209
was published
for
org.jenkins-ci.plugins:threadfix
(Maven)
Jun 24, 2022
Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin
Moderate
CVE-2022-34211
was published
for
org.jenkins-ci.plugins:vmware-vrealize-orchestrator
(Maven)
Jun 24, 2022
Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin
Moderate
CVE-2022-34205
was published
for
org.jenkins-ci.plugins:jianliao
(Maven)
Jun 24, 2022
Cross-Site Request Forgery in Jenkins Beaker builder Plugin
Moderate
CVE-2022-34207
was published
for
org.jenkins-ci.plugins:beaker-builder
(Maven)
Jun 24, 2022
Cross-Site Request Forgery in Jenkins Convertigo Mobile Platform Plugin
Moderate
CVE-2022-34200
was published
for
com.convertigo.jenkins.plugins:convertigo-mobile-platform
(Maven)
Jun 24, 2022
ProTip!
Advisories are also available from the
GraphQL API