Plugins Pipeline

At Tenable, we use a multitude of approaches to deliver the best possible coverage to our customers, and we use a number of factors to prioritize vulnerabilities. Browse upcoming plugins that the Tenable Research team is prioritizing by CVE, detection status or keyword search. Please note that this page is not an exhaustive list of the plugins for which Tenable Research intends to provide coverage, nor of those for which coverage is already provided.

Plugins are categorized into one of the following detection statuses:

  • Development: Tenable Research team is actively working on providing a detection.
  • Testing: The plugin is in the production build & release pipeline.
  • Released: The plugin has been published on the displayed date.

| Title | CVEs | Updated | Status |
| --- | --- | --- | --- |
| ubuntu_linux USN-6540-1: Ubuntu 16.04 ESM / Ubuntu 18.04 ESM / Ubuntu 20.04 LTS / Ubuntu 22.04 LTS / Ubuntu 23.04 / Ubuntu 23.10 : BlueZ vulnerability (USN-6540-1) | CVE-2023-45866 | 12/7/2023 | development |
| suse_linux SUSE-SU-2023:4665-1: SUSE SLES15 : Security update for kernel-firmware (Important) (SUSE-SU-2023:4665-1) | CVE-2021-26345, CVE-2021-46766, CVE-2021-46774, CVE-2022-23820, CVE-2022-23830, CVE-2023-20519, CVE-2023-20521, CVE-2023-20526, CVE-2023-20533, CVE-2023-20566, CVE-2023-20592 | 12/7/2023 | development |
| suse_linux SUSE-SU-2023:4645-1: SUSE SLES15 : Security update for haproxy (Moderate) (SUSE-SU-2023:4645-1) | CVE-2023-45539 | 12/7/2023 | development |
| suse_linux SUSE-SU-2023:4654-1: SUSE SLES15 : Security update for kernel-firmware (Important) (SUSE-SU-2023:4654-1) | CVE-2021-26345, CVE-2021-46766, CVE-2021-46774, CVE-2022-23820, CVE-2022-23830, CVE-2023-20519, CVE-2023-20521, CVE-2023-20526, CVE-2023-20533, CVE-2023-20566, CVE-2023-20592 | 12/7/2023 | development |
| freebsd e07a7754-12a4-4661-b852-fd221d68955f: electron25 -- multiple vulnerabilities | CVE-2023-6350, CVE-2023-6351 | 12/7/2023 | development |
| apache_struts S2-066: S2-066 | CVE-2023-50164 | 12/7/2023 | testing |
| gitlab CVE-2022-3331: IDOR in Zentao integration leaked issue details | CVE-2022-3331 | 11/2/2023 | development |
| gitlab CVE-2021-39873: Content spoofing vulnerability | CVE-2021-39873 | 11/2/2023 | development |
| gitlab CVE-2022-4037: Race condition on gitlab.com enables verified email forgery & third-party account hijacking | CVE-2022-4037 | 11/2/2023 | development |
| gitlab CVE-2022-2592: Lack of length validation in Snippets leads to Denial of Service | CVE-2022-2592 | 11/2/2023 | development |
| gitlab CVE-2021-39898: Project exports leak external webhook token value | CVE-2021-39898 | 11/2/2023 | development |
| gitlab CVE-2021-22251: Projects are allowed to add members with email address domain that should be blocked by group settings | CVE-2021-22251 | 11/2/2023 | development |
| gitlab CVE-2022-1821: Subgroup member can list members of parent group | CVE-2022-1821 | 11/2/2023 | development |
| gitlab CVE-2021-39892: Low privileged users can import users from projects that they they are not a maintainer on | CVE-2021-39892 | 11/2/2023 | development |
| gitlab CVE-2021-22219: Logging of Sensitive Information | CVE-2021-22219 | 11/2/2023 | development |
| gitlab CVE-2021-39878: Reflected Cross-Site Scripting in Jira Integration | CVE-2021-39878 | 11/2/2023 | development |
| gitlab CVE-2021-22234: Arbitrary file read via design feature | CVE-2021-22234 | 11/2/2023 | development |
| gitlab CVE-2022-1124: Guest project member can access trace log of jobs when it is enabled | CVE-2022-1124 | 11/2/2023 | development |
| gitlab CVE-2021-39943: "External status checks" can be accepted by users below developer access if the user is either author or assignee of the target merge request | CVE-2021-39943 | 11/2/2023 | development |
| gitlab CVE-2021-39935: When user registration is limited, external users that aren't developers shouldn't have access to the CI Lint API | CVE-2021-39935 | 11/2/2023 | development |
| gitlab CVE-2022-3286: Bypass group IP restriction on Dependency Proxy | CVE-2022-3286 | 11/2/2023 | development |
| gitlab CVE-2022-0751: Inaccurate display of Snippet contents can be potentially misleading to users | CVE-2022-0751 | 11/2/2023 | development |
| gitlab CVE-2023-3932: An attacker can run pipeline jobs as arbitrary user | CVE-2023-3932 | 11/2/2023 | development |
| gitlab CVE-2022-1416: HTML and CSS injection in pipeline error messages | CVE-2022-1416 | 11/2/2023 | development |
| gitlab CVE-2022-2904: Content injection via External Status Checks | CVE-2022-2904 | 11/2/2023 | development |
| gitlab CVE-2021-22213: Stealing GitLab OAuth access tokens using XSLeaks in Safari | CVE-2021-22213 | 11/2/2023 | development |
| gitlab CVE-2021-39885: Stored XSS in merge request creation page | CVE-2021-39885 | 11/2/2023 | development |
| gitlab CVE-2022-3818: Uncontrolled resource consumption when parsing URLs | CVE-2022-3818 | 11/2/2023 | development |
| gitlab CVE-2022-2428: Arbitrary HTTP Requests Possible in .ipynb Notebook with Malicious Form Tags | CVE-2022-2428 | 11/2/2023 | development |
| gitlab CVE-2022-2931: Denial of Service via Issue preview | CVE-2022-2931 | 11/2/2023 | development |
| gitlab CVE-2022-3482: Release names visible in public projects despite release set as project members only | CVE-2022-3482 | 11/2/2023 | development |
| gitlab CVE-2022-4054: Maintainer can leak webhook secret token by changing the webhook URL | CVE-2022-4054 | 11/2/2023 | development |
| gitlab CVE-2021-22259: Potential DOS via dependencies API | CVE-2021-22259 | 11/2/2023 | development |
| gitlab CVE-2021-22218: Spoofing commit author for signed commits | CVE-2021-22218 | 11/2/2023 | development |
| gitlab CVE-2021-39910: HTML Injection via Swagger UI | CVE-2021-39910 | 11/2/2023 | development |
| gitlab CVE-2021-39932: Potential denial of service via the Diff feature | CVE-2021-39932 | 11/2/2023 | development |
| gitlab CVE-2021-42574: Unicode characters can be abused to commit malicious code into projects without notice | CVE-2021-42574 | 11/2/2023 | development |
| gitlab CVE-2021-22197: Infinite Loop When a User Access a Merge Request | CVE-2021-22197 | 11/2/2023 | development |
| gitlab CVE-2022-4365: Maintainer can leak sentry token by changing the configured URL | CVE-2022-4365 | 11/2/2023 | development |
| gitlab CVE-2021-22198: Incident metric images can be deleted by any user | CVE-2021-22198 | 11/2/2023 | development |
| gitlab CVE-2021-22239: Unauthorised user was able to add meta data upon issue creation | CVE-2021-22239 | 11/2/2023 | development |
| gitlab CVE-2022-0283: Open redirect vulnerability in Jira Integration | CVE-2022-0283 | 11/2/2023 | development |
| gitlab CVE-2022-2251: Command injection in CI jobs via branch name in CI pipelines | CVE-2022-2251 | 11/2/2023 | development |
| gitlab CVE-2022-2228: CI variables provided to runners outside of a group's restricted IP range | CVE-2022-2228 | 11/2/2023 | development |
| gitlab CVE-2021-39871: Bypass disabled Bitbucket Server import source project creation | CVE-2021-39871 | 11/2/2023 | development |
| gitlab CVE-2021-39868: Create a project with unlimited repository size through malicious Project Import | CVE-2021-39868 | 11/2/2023 | development |
| gitlab CVE-2021-22248: Pipelines page is partially visible for users that have no right to see CI/CD | CVE-2021-22248 | 11/2/2023 | development |
| gitlab CVE-2022-0427: Arbitrary POST requests via special HTML attributes in Jupyter Notebooks | CVE-2022-0427 | 11/2/2023 | development |
| gitlab CVE-2021-39947: Golang vulnerability CVE-2021-44717: don’t close fd 0 on ForkExec error | CVE-2021-39947 | 11/2/2023 | development |
| gitlab CVE-2022-3031: Brute force attack may guess a password even when 2FA is enabled | CVE-2022-3031 | 11/2/2023 | development |