Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

62 advisories

Loading
simplejson before 2.6.1 vulnerable to array index error Moderate
CVE-2014-4616 was published for simplejson (pip) May 14, 2022
westonsteimel
Exposure of sensitive information in Anchore Container Image Scanner Jenkins Plugin Moderate
CVE-2018-1999033 was published for org.jenkins-ci.plugins:anchore-container-scanner (Maven) May 13, 2022
westonsteimel
Apache Geronimo Application Server CSRF vulnerabilities Moderate
CVE-2009-0039 was published for org.apache.geronimo.plugins:console (Maven) May 2, 2022
westonsteimel MarkLee131
Apache Geronimo console 1.0 vulnerable to cross-site scripting Moderate
CVE-2006-0254 was published for geronimo:geronimo-console-standard (Maven) May 1, 2022
westonsteimel
Multiple cross-site scripting (XSS) vulnerabilities in Roundup Moderate
CVE-2012-6133 was published for roundup (pip) Apr 23, 2022
westonsteimel
Cross-site scripting in markdown2 for python Moderate
CVE-2009-3724 was published for markdown2 (pip) Apr 21, 2022
westonsteimel
Stored XSS in Jenkins CVS Plugin Moderate
CVE-2022-29037 was published for org.jenkins-ci.plugins:cvs (Maven) Apr 13, 2022
westonsteimel
Stored XSS vulnerability in Jenkins Git Parameter Plugin Moderate
CVE-2022-29040 was published for org.jenkins-ci.tools:git-parameter (Maven) Apr 13, 2022
westonsteimel
Missing permission checks in Jenkins Publish Over FTP Plugin Moderate
CVE-2022-29051 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) Apr 13, 2022
westonsteimel
Nomad Spread Job Stanza May Trigger Panic in Servers Moderate
CVE-2022-24684 was published for github.com/hashicorp/nomad (Go) Feb 16, 2022
westonsteimel
Improper Link Resolution Before File Access in Jenkins Pipeline: Shared Groovy Libraries Plugin Moderate
CVE-2022-25177 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
westonsteimel
Improper Link Resolution Before File Access in Jenkins Pipeline: Groovy Plugin Moderate
CVE-2022-25176 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) Feb 16, 2022
westonsteimel
Improper Limitation of a Pathname to a Restricted Directory in Jenkins Pipeline: Shared Groovy Libraries Plugin Moderate
CVE-2022-25178 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Feb 16, 2022
westonsteimel
Link Following in Jenkins Pipeline Multibranch Plugin Moderate
CVE-2022-25179 was published for org.jenkins-ci.plugins.workflow:workflow-multibranch (Maven) Feb 16, 2022
westonsteimel
Jenkins Support Core Plugin stores sensitive data in plain text Moderate
CVE-2022-25187 was published for org.jenkins-ci.plugins:support-core (Maven) Feb 16, 2022
westonsteimel
Missing permission check in Jenkins autonomiq Plugin Moderate
CVE-2022-25195 was published for io.jenkins.plugins:autonomiq (Maven) Feb 16, 2022
westonsteimel
HashiCorp Nomad Artifact Download Race Condition Moderate
CVE-2022-24686 was published for github.com/hashicorp/nomad (Go) Feb 15, 2022
westonsteimel
Stored XSS vulnerability in Matrix Project Plugin Moderate
CVE-2022-20615 was published for org.jenkins-ci.plugins:matrix-project (Maven) Jan 13, 2022
westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin Moderate
CVE-2022-20614 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
westonsteimel
Cross-Site Request Forgery in Jenkins Mailer Plugin Moderate
CVE-2022-20613 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
NotMyFault westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin Moderate
CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jan 13, 2022
NotMyFault westonsteimel
secjoker
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin Moderate
CVE-2022-20618 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
Access key stored in plain text by Jenkins Metrics Plugin Moderate
CVE-2022-20621 was published for org.jenkins-ci.plugins:metrics (Maven) Jan 13, 2022
westonsteimel
Stored XSS vulnerability in Jenkins Badge Plugin Moderate
CVE-2022-23108 was published for org.jenkins-ci.plugins:badge (Maven) Jan 13, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API