Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

24,600 advisories

Loading
Sandbox bypass in Jenkins Script Security Plugin High
CVE-2023-24422 was published for org.jenkins-ci.plugins:script-security (Maven) Jan 26, 2023
Cisco Spark Notifier Jenkins Plugin contains Missing Authorization Moderate
CVE-2023-24451 was published for org.jenkins-ci.plugins:cisco-spark-notifier-plugin (Maven) Jan 26, 2023
Missing permission checks in Jenkins Orka Plugin allow capturing credentials Moderate
CVE-2023-24433 was published for io.jenkins.plugins:macstadium-orka (Maven) Jan 26, 2023
Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs Moderate
CVE-2023-24431 was published for io.jenkins.plugins:macstadium-orka (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins GitHub Pull Request Builder Plugin High
CVE-2023-24434 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
XML external entity reference vulnerability on agents in Jenkins Semantic Versioning Plugin Critical
CVE-2023-24430 was published for org.jenkins-ci.plugins:semantic-versioning-plugin (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins Orka Plugin allow capturing credentials High
CVE-2023-24432 was published for io.jenkins.plugins:macstadium-orka (Maven) Jan 26, 2023
Missing permission check in Jenkins TestQuality Updater Plugin Moderate
CVE-2023-24453 was published for org.jenkins-ci.plugins:testquality-updater (Maven) Jan 26, 2023
Session fixation vulnerability in Jenkins Keycloak Authentication Plugin Critical
CVE-2023-24456 was published for org.jenkins-ci.plugins:keycloak (Maven) Jan 26, 2023
CSRF vulnerability in Jenkins TestQuality Updater Plugin High
CVE-2023-24452 was published for org.jenkins-ci.plugins:testquality-updater (Maven) Jan 26, 2023
Path traversal vulnerability in Jenkins PWauth Security Realm Plugin Moderate
CVE-2023-24449 was published for org.jvnet.hudson.plugins:pwauth (Maven) Jan 26, 2023
XML Entity Expansion in Jenkins TestComplete support Plugin Critical
CVE-2023-24443 was published for org.jenkins-ci.plugins:TestComplete (Maven) Jan 26, 2023
Insufficient Session Expiration in Jenkins Azure AD Plugin High
CVE-2023-24426 was published for org.jenkins-ci.plugins:azure-ad (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins RabbitMQ Consumer Plugin High
CVE-2023-24447 was published for org.jenkins-ci.plugins:rabbitmq-consumer (Maven) Jan 26, 2023
Open redirect vulnerability in Jenkins OpenID Plugin Moderate
CVE-2023-24445 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins Bitbucket OAuth Plugin Moderate
CVE-2023-24428 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) Jan 26, 2023
Session fixation vulnerability in Jenkins OpenID Plugin High
CVE-2023-24444 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
Missing permission check in Jenkins RabbitMQ Consumer Plugin Moderate
CVE-2023-24448 was published for org.jenkins-ci.plugins:rabbitmq-consumer (Maven) Jan 26, 2023
Plaintext storage of Access Token in Jenkins GitHub Pull Request Coverage Status Plugin Moderate
CVE-2023-24442 was published for org.jenkins-ci.plugins:github-pr-coverage-status (Maven) Jan 26, 2023
Cleartext Transmission of Sensitive Information in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24440 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
Session fixation vulnerability in Jenkins Bitbucket OAuth Plugin Critical
CVE-2023-24427 was published for org.jenkins-ci.plugins:bitbucket-oauth (Maven) Jan 26, 2023
Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs Moderate
CVE-2023-24436 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
Path Traversal in Jenkins visualexpert Plugin Moderate
CVE-2023-24455 was published for io.jenkins.plugins:visualexpert (Maven) Jan 26, 2023
Plaintext Storage of a Password in Jenkins TestQuality Updater Plugin Moderate
CVE-2023-24454 was published for org.jenkins-ci.plugins:testquality-updater (Maven) Jan 26, 2023
Cross-site request forgery vulnerability in Jenkins OpenID Plugin High
CVE-2023-24446 was published for org.jenkins-ci.plugins:openid (Maven) Jan 26, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database