Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

624 advisories

Loading
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2135 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault nhakmiller
Credited to NotMyFault and nhakmiller
Passwords stored in plain text by Harvest SCM Plugin Moderate
CVE-2020-2131 was published for org.jenkins-ci.plugins:harvest (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Passwords stored in plain text by Harvest SCM Plugin Moderate
CVE-2020-2130 was published for org.jenkins-ci.plugins:harvest (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Password stored in plain text by Applatix Plugin Moderate
CVE-2020-2133 was published for com.applatix.jenkins:applatix (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Token stored in plain text by DigitalOcean Plugin Low
CVE-2020-2126 was published for com.dubture.jenkins:digitalocean-plugin (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
RCE vulnerability in RadarGun Plugin High
CVE-2020-2123 was published for org.jenkins-ci.plugins:radargun (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
XXE vulnerability in FitNesse Plugin High
CVE-2020-2120 was published for org.jenkins-ci.plugins:fitnesse (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Stored XSS vulnerability in Jenkins brakeman Plugin Moderate
CVE-2020-2122 was published for org.jenkins-ci.plugins:brakeman (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
RCE vulnerability in Google Kubernetes Engine Plugin High
CVE-2020-2121 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Credentials stored in plain text by debian-package-builder Plugin Low
CVE-2020-2125 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Credential stored in plain text by BMC Release Package and Deployment Plugin Low
CVE-2020-2127 was published for RPD:bmc-rpd (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Password stored in plain text by Dynamic Extended Choice Parameter Plugin Moderate
CVE-2020-2124 was published for com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Password stored in plain text by ECX Copy Data Management Plugin Moderate
CVE-2020-2128 was published for com.catalogic.ecxjenkins:catalogic-ecx (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Password stored in plain text by Parasoft Environment Manager Plugin Moderate
CVE-2020-2132 was published for com.parasoft:environment-manager (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Jenkins S3 Publisher Plugin transmits credentials in plain text during configuration Low
CVE-2020-2114 was published for org.jenkins-ci.plugins:s3 (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Jenkins Git Parameter Plugin vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2020-2113 was published for org.jenkins-ci.tools:git-parameter (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
XXE vulnerability in NUnit Plugin High
CVE-2020-2115 was published for org.jenkins-ci.plugins:nunit (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Jenkins Git Parameter Plugin vulnerable to Stored cross-site scripting (XSS) Moderate
CVE-2020-2112 was published for org.jenkins-ci.tools:git-parameter (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials High
CVE-2020-2116 was published for org.jenkins-ci.plugins:pipeline-githubnotify-step (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials High
CVE-2020-2117 was published for org.jenkins-ci.plugins:pipeline-githubnotify-step (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Client secret transmitted in plain text by Azure AD Plugin Low
CVE-2020-2119 was published for org.jenkins-ci.plugins:azure-ad (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin Moderate
CVE-2020-2118 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Stored XSS vulnerability in Code Coverage API Plugin Moderate
CVE-2020-2106 was published for io.jenkins.plugins:code-coverage-api (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
XXE vulnerability in Jenkins WebSphere Deployer Plugin High
CVE-2020-2108 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Fortify Plugin stored credentials in plain text Moderate
CVE-2020-2107 was published for org.jenkins-ci.plugins:fortify (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database