Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Loading
RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin High
CVE-2020-2211 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin Low
CVE-2020-2210 was published for org.jenkins-ci.plugins:StashBranchParameter (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Missing permission checks in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2204 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Reflected XSS vulnerability in Jenkins VncViewer Plugin Moderate
CVE-2020-2207 was published for org.jenkins-ci.plugins:vncviewer (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Credentials stored in plain text by Jenkins White Source Plugin Moderate
CVE-2020-2213 was published for org.jenkins-ci.plugins:whitesource (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin Moderate
CVE-2020-2212 was published for io.jenkins.plugins:github-coverage-reporter (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Secret stored in plain text by Jenkins Slack Upload Plugin Moderate
CVE-2020-2208 was published for org.jenkins-ci.plugins:slack-uploader (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Reflected XSS vulnerability in Jenkins VncRecorder Plugin Moderate
CVE-2020-2206 was published for org.jenkins-ci.plugins:vncrecorder (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Password stored in plain text by Jenkins TestComplete support Plugin Moderate
CVE-2020-2209 was published for org.jenkins-ci.plugins:TestComplete (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2202 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin Moderate
CVE-2020-2201 was published for org.jenkins-ci.plugins:sonargraph-integration (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
CSRF vulnerability in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2203 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Stored XSS vulnerability in Jenkins VncRecorder Plugin Moderate
CVE-2020-2205 was published for org.jenkins-ci.plugins:vncrecorder (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
OS command injection vulnerability in Jenkins Play Framework Plugin High
CVE-2020-2200 was published for org.jenkins-ci.plugins:play-autotest-plugin (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
XSS vulnerability in Jenkins Subversion Partial Release Manager Plugin Moderate
CVE-2020-2199 was published for org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
CSRF vulnerability in Jenkins Swarm Plugin Moderate
CVE-2020-2192 was published for org.jenkins-ci.plugins:swarm (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Missing permission check in Jenkins Project Inheritance Plugin Moderate
CVE-2020-2197 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Missing permission check in Jenkins Project Inheritance Plugin Moderate
CVE-2020-2198 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Improper permission checks in Jenkins Swarm Plugin Moderate
CVE-2020-2191 was published for org.jenkins-ci.plugins:swarm (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Stored XSS vulnerability in Jenkins ECharts API Plugin Moderate
CVE-2020-2193 was published for io.jenkins.plugins:echarts-api (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Stored XSS vulnerability in Jenkins ECharts API Plugin Moderate
CVE-2020-2194 was published for io.jenkins.plugins:echarts-api (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Complete lack of CSRF protection in Jenkins Selenium Plugin can lead to OS command injection High
CVE-2020-2196 was published for org.jenkins-ci.plugins:selenium (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Stored XSS vulnerability in Jenkins Compact Columns Plugin Moderate
CVE-2020-2195 was published for org.jenkins-ci.plugins:compact-columns (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Lack of SSL/TLS certificate and hostname validation in Amazon EC2 Plugin Moderate
CVE-2020-2187 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
CSRF vulnerability in Jenkins CVS Plugin Moderate
CVE-2020-2184 was published for org.jenkins-ci.plugins:cvs (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database