Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,354
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,779
NuGet
681
pip
3,460
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

21,259 advisories

Loading
Reflected XSS in Jenkins Compatibility Action Storage Plugin Moderate
CVE-2020-2217 was published for org.jenkins-ci.plugins:compatibility-action-storage (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Zephyr for JIRA Test Management Plugin Moderate
CVE-2020-2215 was published for org.jenkins-ci.plugins:zephyr-for-jira-test-management (Maven) May 24, 2022
NotMyFault
Content-Security-Policy protection for user content disabled by Jenkins ZAP Pipeline Plugin Moderate
CVE-2020-2214 was published for com.vrondakis.zap:zap-pipeline (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Link Column Plugin Moderate
CVE-2020-2219 was published for org.jenkins-ci.plugins:link-column (Maven) May 24, 2022
NotMyFault
Reflected XSS vulnerability in Jenkins VncViewer Plugin Moderate
CVE-2020-2207 was published for org.jenkins-ci.plugins:vncviewer (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2204 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault
Reflected XSS vulnerability in Jenkins VncRecorder Plugin Moderate
CVE-2020-2206 was published for org.jenkins-ci.plugins:vncrecorder (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by Jenkins White Source Plugin Moderate
CVE-2020-2213 was published for org.jenkins-ci.plugins:whitesource (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Jenkins TestComplete support Plugin Moderate
CVE-2020-2209 was published for org.jenkins-ci.plugins:TestComplete (Maven) May 24, 2022
NotMyFault
Secret stored in plain text by Jenkins Slack Upload Plugin Moderate
CVE-2020-2208 was published for org.jenkins-ci.plugins:slack-uploader (Maven) May 24, 2022
NotMyFault
Secret stored in plain text by Jenkins GitHub Coverage Reporter Plugin Moderate
CVE-2020-2212 was published for io.jenkins.plugins:github-coverage-reporter (Maven) May 24, 2022
NotMyFault
Passwords transmitted in plain text by Jenkins Stash Branch Parameter Plugin Low
CVE-2020-2210 was published for org.jenkins-ci.plugins:StashBranchParameter (Maven) May 24, 2022
NotMyFault
RCE vulnerability in ElasticBox Jenkins Kubernetes CI/CD Plugin High
CVE-2020-2211 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
NotMyFault
Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2202 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2203 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins VncRecorder Plugin Moderate
CVE-2020-2205 was published for org.jenkins-ci.plugins:vncrecorder (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins Sonargraph Integration Plugin Moderate
CVE-2020-2201 was published for org.jenkins-ci.plugins:sonargraph-integration (Maven) May 24, 2022
NotMyFault
Magento security mitigation bypass vulnerability Critical
CVE-2020-9632 was published for magento/community-edition (Composer) May 24, 2022
Magento business logic error vulnerability Critical
CVE-2020-9630 was published for magento/community-edition (Composer) May 24, 2022
Magento security mitigation bypass vulnerability Critical
CVE-2020-9631 was published for magento/community-edition (Composer) May 24, 2022
Magento defense-in-depth security mitigation vulnerability High
CVE-2020-9591 was published for magento/community-edition (Composer) May 24, 2022
Magento command injection vulnerability Critical
CVE-2020-9583 was published for magento/community-edition (Composer) May 24, 2022
Magento Defense-in-depth security mitigation vulnerability Critical
CVE-2020-9585 was published for magento/community-edition (Composer) May 24, 2022
Magento command injection vulnerability Critical
CVE-2020-9582 was published for magento/community-edition (Composer) May 24, 2022
Magento authorization bypass vulnerability High
CVE-2020-9587 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database