Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

245 advisories

Loading
XWiki Platform document history including authors of any page exposed to unauthorized actors Moderate
CVE-2024-45591 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Sep 10, 2024
Xiqinger
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability Moderate
CVE-2024-42470 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p-
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
XWiki Platform vulnerable to document deletion and overwrite from edit Moderate
CVE-2024-37898 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jul 31, 2024
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges Moderate
CVE-2024-31865 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
Jenkins docker-build-step Plugin missing permission check Moderate
CVE-2024-2216 was published for org.jenkins-ci.plugins:docker-build-step (Maven) Mar 6, 2024
Jenkins Subversion Partial Release Manager Plugin missing permission check Moderate
CVE-2024-28159 was published for org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) Mar 6, 2024
XWiki extension license information is public, exposing instance id and license holder details Moderate
CVE-2024-26138 was published for com.xwiki.licensing:application-licensing-licensor-ui (Maven) Feb 21, 2024
Missing permission check in Jenkins Scriptler Plugin Moderate
CVE-2023-50765 was published for org.jenkins-ci.plugins:scriptler (Maven) Dec 13, 2023
Jenkins Nexus Platform Plugin missing permission check Moderate
CVE-2023-50769 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Missing permission check in Jenkins PaaSLane Estimate Plugin Moderate
CVE-2023-50779 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Apache DolphinScheduler Missing Authorization vulnerability Moderate
CVE-2023-49620 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Nov 30, 2023
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check Moderate
CVE-2023-49674 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Nov 29, 2023
secjoker
Jenkins Google Compute Engine Plugin has incorrect permission checks Moderate
CVE-2023-49652 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Nov 29, 2023
Authenticated users can view job names and groups they do not have authorization to view Moderate
CVE-2023-47112 was published for org.rundeck:rundeckapp (Maven) Nov 16, 2023
Jenkins lambdatest-automation Plugin missing permission check Moderate
CVE-2023-46652 was published for org.jenkins-ci.plugins:lambdatest-automation (Maven) Oct 25, 2023
Jenkins Build Failure Analyzer Plugin missing permission check Moderate
CVE-2023-43501 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) Sep 20, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs Moderate
CVE-2023-41941 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Missing permission checks in Jenkins Frugal Testing Plugin Moderate
CVE-2023-41947 was published for io.jenkins.plugins:frugal-testing (Maven) Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin Moderate
CVE-2023-41943 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Velocity execution without script right through VelocityCode and VelocityWiki property Moderate
CVE-2023-41046 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 4, 2023
Jenkins Fortify Plugin missing permission check Moderate
CVE-2023-4302 was published for org.jenkins-ci.plugins:fortify (Maven) Aug 22, 2023
Jenkins Delphix Plugin missing permission check Moderate
CVE-2023-40344 was published for org.jenkins-ci.plugins:delphix (Maven) Aug 16, 2023
Jenkins Sumologic Publisher Plugin missing permission check Moderate
CVE-2023-37959 was published for org.jenkins-ci.plugins:sumologic-publisher (Maven) Jul 12, 2023
Jenkins Benchmark Evaluator Plugin missing permission check Moderate
CVE-2023-37963 was published for io.jenkins.plugins:benchmark-evaluator (Maven) Jul 12, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database