Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

177 advisories

Loading
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-41227 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins Security Inspector plugin Moderate
CVE-2022-41236 was published for org.jenkins-ci.plugins:security-inspector (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins Worksoft Execution Manager Plugin allows capturing credentials Moderate
CVE-2022-41245 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
Jenkins SCM HttpClient Plugin vulnerable to Cross-Site Request Forgery Moderate
CVE-2022-41249 was published for com.meowlomo.jenkins:scm-httpclient (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability in Jenkins CONS3RT Plugin allow capturing credentials Moderate
CVE-2022-41253 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
XWiki Cross-Site Request Forgery (CSRF) for actions on tags Moderate
CVE-2022-36095 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Sep 16, 2022
Apache JSPWiki CSRF due to crafted request on UserPreferences.jsp Moderate
CVE-2022-28731 was published for org.apache.jspwiki:jspwiki-main (Maven) Aug 5, 2022
Jenkins Job Configuration History Plugin does not require POST requests for several HTTP endpoints Moderate
CVE-2022-36887 was published for org.jenkins-ci.plugins:jobConfigHistory (Maven) Jul 28, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36882 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
External Monitor Job Type Plugin does not require POST requests for an HTTP endpoint Moderate
CVE-2022-36886 was published for org.jenkins-ci.plugins:external-monitor-job (Maven) Jul 28, 2022
CSRF vulnerability in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36906 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36908 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins Google Cloud Backup Plugin Moderate
CVE-2022-36916 was published for org.jenkins-ci.plugins:google-cloud-backup (Maven) Jul 28, 2022
NotMyFault
CSRF vulnerability in Jenkins openstack-heat Plugin Moderate
CVE-2022-36911 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Request Rename Or Delete Plugin Moderate
CVE-2022-34815 was published for org.jenkins-ci.plugins:rrod (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins XPath Configuration Viewer Plugin Moderate
CVE-2022-34812 was published for org.jenkins-ci.plugins:xpath-config-viewer (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Failed Job Deactivator Plugin Moderate
CVE-2022-34817 was published for de.einsundeins.jenkins.plugins.failedjobdeactivator:failedJobDeactivator (Maven) Jul 1, 2022
NotMyFault
Jenkins Matrix Reloaded Plugin vulnerable to CSRF Moderate
CVE-2022-34789 was published for net.praqma:matrix-reloaded (Maven) Jul 1, 2022
NotMyFault
CSRF vulnerability in Jenkins XebiaLabs XL Release Plugin allow capturing credentials Moderate
CVE-2022-34780 was published for com.xebialabs.ci:xlrelease-plugin (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Deployment Dashboard Plugin Moderate
CVE-2022-34797 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins ThreadFix Plugin Moderate
CVE-2022-34209 was published for org.jenkins-ci.plugins:threadfix (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins vRealize Orchestrator Plugin Moderate
CVE-2022-34211 was published for org.jenkins-ci.plugins:vmware-vrealize-orchestrator (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Jianliao Notification Plugin Moderate
CVE-2022-34205 was published for org.jenkins-ci.plugins:jianliao (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Beaker builder Plugin Moderate
CVE-2022-34207 was published for org.jenkins-ci.plugins:beaker-builder (Maven) Jun 24, 2022
NotMyFault
Cross-Site Request Forgery in Jenkins Convertigo Mobile Platform Plugin Moderate
CVE-2022-34200 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) Jun 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API