GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
103 advisories
Non-constant time webhook token comparison in Jenkins GitLab Plugin
Low
CVE-2022-43411
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
Oct 19, 2022
Non-constant time webhook token comparison in Jenkins Generic Webhook Trigger Plugin
Low
CVE-2022-43412
was published
for
org.jenkins-ci.plugins:generic-webhook-trigger
(Maven)
Oct 19, 2022
Jenkins GitHub plugin uses weak webhook signature function
Low
CVE-2022-36885
was published
for
com.coravy.hudson.plugins.github:github
(Maven)
Jul 28, 2022
fastify-bearer-auth vulnerable to Timing Attack Vector
High
CVE-2022-31142
was published
for
@fastify/bearer-auth
(npm)
Jul 15, 2022
Observable timing discrepancy allows determining username validity in Jenkins
Moderate
CVE-2022-34174
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Jun 24, 2022
ProTip!
Advisories are also available from the
GraphQL API