GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

21,018 advisories

OpenStack Nova can leak consoleauth token into log files Low
CVE-2015-9543 was published for Nova (pip) May 24, 2022
promise-probe OS command injection vulnerability Critical
CVE-2019-10791 was published for promise-probe (npm) May 24, 2022
component-flatten vulnerable to Prototype Pollution Moderate
CVE-2019-10794 was published for component-flatten (npm) May 24, 2022
Dolibarr ERP and CRM contain XSS Vulnerability Moderate
CVE-2020-9016 was published for dolibarr/dolibarr (Composer) May 24, 2022
Passwords stored in plain text by Harvest SCM Plugin Moderate
CVE-2020-2130 was published for org.jenkins-ci.plugins:harvest (Maven) May 24, 2022
NotMyFault
Passwords stored in plain text by Harvest SCM Plugin Moderate
CVE-2020-2131 was published for org.jenkins-ci.plugins:harvest (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Applatix Plugin Moderate
CVE-2020-2133 was published for com.applatix.jenkins:applatix (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Dynamic Extended Choice Parameter Plugin Moderate
CVE-2020-2124 was published for com.moded.extendedchoiceparameter:dynamic_extended_choice_parameter (Maven) May 24, 2022
NotMyFault
Credentials stored in plain text by debian-package-builder Plugin Low
CVE-2020-2125 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) May 24, 2022
NotMyFault
Password stored in plain text by ECX Copy Data Management Plugin Moderate
CVE-2020-2128 was published for com.catalogic.ecxjenkins:catalogic-ecx (Maven) May 24, 2022
NotMyFault
Credential stored in plain text by BMC Release Package and Deployment Plugin Low
CVE-2020-2127 was published for RPD:bmc-rpd (Maven) May 24, 2022
NotMyFault
Plaintext Storage of a Password in Jenkins Eagle Tester Plugin Moderate
CVE-2020-2129 was published for com.mobileenerlytics.eagle.tester:eagle-tester (Maven) May 24, 2022
Token stored in plain text by DigitalOcean Plugin Low
CVE-2020-2126 was published for com.dubture.jenkins:digitalocean-plugin (Maven) May 24, 2022
NotMyFault
XXE vulnerability in FitNesse Plugin High
CVE-2020-2120 was published for org.jenkins-ci.plugins:fitnesse (Maven) May 24, 2022
NotMyFault
Password stored in plain text by Parasoft Environment Manager Plugin Moderate
CVE-2020-2132 was published for com.parasoft:environment-manager (Maven) May 24, 2022
NotMyFault
RCE vulnerability in Google Kubernetes Engine Plugin High
CVE-2020-2121 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
NotMyFault
RCE vulnerability in RadarGun Plugin High
CVE-2020-2123 was published for org.jenkins-ci.plugins:radargun (Maven) May 24, 2022
NotMyFault
Stored XSS vulnerability in Jenkins brakeman Plugin Moderate
CVE-2020-2122 was published for org.jenkins-ci.plugins:brakeman (Maven) May 24, 2022
NotMyFault
Jenkins Git Parameter Plugin vulnerable to Stored cross-site scripting (XSS) Moderate
CVE-2020-2112 was published for org.jenkins-ci.tools:git-parameter (Maven) May 24, 2022
NotMyFault
Subversion Plugin stored XSS vulnerability Moderate
CVE-2020-2111 was published for org.jenkins-ci.plugins:subversion (Maven) May 24, 2022
westonsteimel
Improper Input Validation in Jenkins Pipeline: Groovy Plugin High
CVE-2020-2109 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 24, 2022
Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin Moderate
CVE-2020-2118 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) May 24, 2022
NotMyFault
Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials High
CVE-2020-2117 was published for org.jenkins-ci.plugins:pipeline-githubnotify-step (Maven) May 24, 2022
NotMyFault
CSRF vulnerability in Pipeline GitHub Notify Step Plugin allows capturing credentials High
CVE-2020-2116 was published for org.jenkins-ci.plugins:pipeline-githubnotify-step (Maven) May 24, 2022
NotMyFault
Client secret transmitted in plain text by Azure AD Plugin Low
CVE-2020-2119 was published for org.jenkins-ci.plugins:azure-ad (Maven) May 24, 2022
NotMyFault