GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20,710 advisories
Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins
Severity: Moderate. CVE-2019-16574 was published for com.alauda.jenkins.plugins:alauda-devops-pipeline (Maven) on May 24, 2022.
Cross-Site Request Forgery in Jenkins Alauda Kubernetes Suport Plugin
Severity: High. CVE-2019-16575 was published for io.alauda.jenkins.plugins:alauda-kubernetes-support (Maven) on May 24, 2022.
Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin
Severity: Moderate. CVE-2019-16576 was published for io.alauda.jenkins.plugins:alauda-kubernetes-support (Maven) on May 24, 2022.
Cross site scripting in Jenkins Mission Control Plugin
Severity: Moderate. CVE-2019-16563 was published for tech.andrey.jenkins:mission-control-view (Maven) on May 24, 2022.
Jenkins RapidDeploy Plugin missing permission check
Severity: Moderate. CVE-2019-16571 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) on May 24, 2022.
Jenkins RapidDeploy Plugin Cross-Site Request Forgery plugin
Severity: Moderate. CVE-2019-16570 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) on May 24, 2022.
Jenkins Pipeline Aggregator View Plugin stored XSS vulnerability
Severity: Moderate. CVE-2019-16564 was published for com.paul8620.jenkins.plugins:pipeline-aggregator-view (Maven) on May 24, 2022.
Jenkins Team Concert Plugin missing permission check
Severity: High. CVE-2019-16566 was published for org.jenkins-ci.plugins:teamconcert (Maven) on May 24, 2022.
Jenkins Alauda DevOps Pipeline Plugin vulnerable to cross-site request forgery
Severity: High. CVE-2019-16573 was published for com.alauda.jenkins.plugins:alauda-devops-pipeline (Maven) on May 24, 2022.
Jenkins Team Concert Plugin missing permission check
Severity: Moderate. CVE-2019-16567 was published for org.jenkins-ci.plugins:teamconcert (Maven) on May 24, 2022.
Jenkins SCTMExecutor Plugin stores credentials in plain text
Severity: Moderate. CVE-2019-16568 was published for hudson.plugins.sctmexecutor:SCTMExecutor (Maven) on May 24, 2022.
CSRF vulnerability in Jenkins Mantis Plugin
Severity: Moderate. CVE-2019-16569 was published for org.jenkins-ci.plugins:mantis (Maven) on May 24, 2022.
Inefficient Regular Expression Complexity in Jenkins Build Failure Analyzer Plugin
Severity: Moderate. CVE-2019-16555 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) on May 24, 2022.
Improper Certificate Validation in Jenkins Spira Importer Plugin
Severity: High. CVE-2019-16558 was published for com.inflectra.spiratest.plugins:inflectra-spira-integration (Maven) on May 24, 2022.
Missing permission check in Jenkins Build Failure Analyzer Plugin
Severity: Moderate. CVE-2019-16554 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) on May 24, 2022.
Jenkins Redgate SQL Change Automation Plugin has Insufficiently Protected Credentials
Severity: Moderate. CVE-2019-16557 was published for com.redgate.plugins.redgatesqlci:redgate-sql-ci (Maven) on May 24, 2022.
Jenkins buildgraph-view Plugin vulnerable to stored Cross-site Scripting
Severity: Moderate. CVE-2019-16562 was published for org.jenkins-ci.plugins:buildgraph-view (Maven) on May 24, 2022.
Jenkins Rundeck Plugin stored credentials in plain text
Severity: Moderate. CVE-2019-16556 was published for org.jenkins-ci.plugins:rundeck (Maven) on May 24, 2022.
Jenkins Team Concert Plugin cross-site request forgery vulnerability
Severity: High. CVE-2019-16565 was published for org.jenkins-ci.plugins:teamconcert (Maven) on May 24, 2022.
Jenkins WebSphere Deployer Plugin missing permission check
Severity: Moderate. CVE-2019-16559 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) on May 24, 2022.
SSL/TLS certificate validation globally and unconditionally disabled by Jenkins WebSphere Deployer Plugin
Severity: High. CVE-2019-16561 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) on May 24, 2022.
Cross-site request forgery vulnerability in Jenkins WebSphere Deployer Plugin
Severity: High. CVE-2019-16560 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) on May 24, 2022.
Missing permission check in Jenkins Gerrit Trigger Plugin
Severity: Moderate. CVE-2019-16552 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) on May 24, 2022.
Cross-site request forgery (CSRF) vulnerability in Jenkins Maven Release Plugin
Severity: High. CVE-2019-16550 was published for org.jenkins-ci.plugins.m2release:m2release (Maven) on May 24, 2022.
Cross-Site Request Forgery in Jenkins Build Failure Analyzer Plugin
Severity: High. CVE-2019-16553 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) on May 24, 2022.