GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
1,933 advisories
Whole-script approval in Jenkins Script Security Plugin vulnerable to SHA-1 collisions
High
CVE-2022-45379
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 16, 2022
Jenkins JUnit Plugin subject to Cross-site Scripting via URL conversion
High
CVE-2022-45380
was published
for
org.jenkins-ci.plugins:junit
(Maven)
Nov 16, 2022
Arbitrary file read vulnerability in Jenkins Pipeline Utility Steps Plugin
High
CVE-2022-45381
was published
for
org.jenkins-ci.plugins:pipeline-utility-steps
(Maven)
Nov 16, 2022
Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF
High
CVE-2022-45129
was published
for
fish.payara.distributions:payara
(Maven)
Nov 10, 2022
Apache Tomcat may reject request containing invalid Content-Length header
High
CVE-2022-42252
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Nov 1, 2022
CSRF protection for any URL can be bypassed in Jenkins Pipeline: Input Step Plugin
High
CVE-2022-43407
was published
for
org.jenkins-ci.plugins:pipeline-input-step
(Maven)
Oct 19, 2022
Stored XSS vulnerability in Jenkins Pipeline: Supporting APIs Plugin
High
CVE-2022-43409
was published
for
org.jenkins-ci.plugins.workflow:workflow-support
(Maven)
Oct 19, 2022
Content-Security-Policy protection for user content disabled by Jenkins ScreenRecorder Plugin
High
CVE-2022-43433
was published
for
io.jenkins.plugins:screenrecorder
(Maven)
Oct 19, 2022
Stored XSS vulnerability in Jenkins Custom Checkbox Parameter Plugin
High
CVE-2022-43425
was published
for
io.jenkins.plugins:custom-checkbox-parameter
(Maven)
Oct 19, 2022
Agent-to-controller security bypass vulnerabilities in Jenkins Compuware Topaz for Total Test Plugin
High
CVE-2022-43428
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
ProTip!
Advisories are also available from the
GraphQL API