VulnerableCode Package Details - pkg:maven/com.coravy.hudson.plugins.github/github@1.34.4

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:maven/com.coravy.hudson.plugins.github/github@1.34.4

purl	pkg:maven/com.coravy.hudson.plugins.github/github@1.34.4
Tags	Ghost

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	2.4

Vulnerabilities affecting this package (1)

Vulnerability	Summary	Fixed by
VCID-9h4k-xjx5-afc8 Aliases: CVE-2022-36885 GHSA-mxcc-7h5m-x57r	Jenkins GitHub plugin uses weak webhook signature function Jenkins GitHub Plugin 1.34.4 and earlier uses a non-constant time comparison function when checking whether the provided and computed webhook signatures are equal, allowing attackers to use statistical methods to obtain a valid webhook signature. GitHub Plugin 1.34.5 uses a constant-time comparison when validating the webhook signature.	1.34.5 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-03T21:27:23.564463+00:00	GitLab Importer	Affected by	VCID-9h4k-xjx5-afc8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/maven/com.coravy.hudson.plugins.github/github/CVE-2022-36885.yml	38.1.0
2026-04-01T16:02:53.659905+00:00	GHSA Importer	Affected by	VCID-9h4k-xjx5-afc8	https://github.com/advisories/GHSA-mxcc-7h5m-x57r	38.0.0