Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

312 advisories

Loading
Apache DolphinScheduler Missing Authorization vulnerability Moderate
CVE-2023-49620 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Nov 30, 2023
Jenkins Google Compute Engine Plugin has incorrect permission checks Moderate
CVE-2023-49652 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Nov 29, 2023
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check Moderate
CVE-2023-49674 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Nov 29, 2023
secjoker
Jenkins MATLAB Plugin missing permission checks High
CVE-2023-49654 was published for org.jenkins-ci.plugins:matlab (Maven) Nov 29, 2023
Authenticated Rundeck users can view or delete jobs they do not have authorization for. High
CVE-2023-48222 was published for org.rundeck:rundeck (Maven) Nov 16, 2023
Authenticated users can view job names and groups they do not have authorization to view Moderate
CVE-2023-47112 was published for org.rundeck:rundeckapp (Maven) Nov 16, 2023
H2O local file inclusion vulnerability Critical
CVE-2023-6038 was published for ai.h2o:h2o-core (Maven) Nov 16, 2023
org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move High
CVE-2023-37910 was published for org.xwiki.platform:xwiki-platform-attachment-api (Maven) Oct 25, 2023
Jenkins lambdatest-automation Plugin missing permission check Moderate
CVE-2023-46652 was published for org.jenkins-ci.plugins:lambdatest-automation (Maven) Oct 25, 2023
Jenkins Build Failure Analyzer Plugin missing permission check Moderate
CVE-2023-43501 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) Sep 20, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs Moderate
CVE-2023-41941 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Disabled permissions granted by Jenkins Assembla Auth Plugin High
CVE-2023-41945 was published for org.jenkins-ci.plugins:assembla-auth (Maven) Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin Moderate
CVE-2023-41943 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Missing permission checks in Jenkins Frugal Testing Plugin Moderate
CVE-2023-41947 was published for io.jenkins.plugins:frugal-testing (Maven) Sep 6, 2023
Velocity execution without script right through VelocityCode and VelocityWiki property Moderate
CVE-2023-41046 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 4, 2023
Jenkins Fortify Plugin missing permission check Moderate
CVE-2023-4302 was published for org.jenkins-ci.plugins:fortify (Maven) Aug 22, 2023
Jenkins Delphix Plugin missing permission check Moderate
CVE-2023-40344 was published for org.jenkins-ci.plugins:delphix (Maven) Aug 16, 2023
Missing authorization in Jenkins Plug-in for ServiceNow High
CVE-2023-3442 was published for io.jenkins.plugins:servicenow-devops (Maven) Jul 26, 2023
Hazelcast Executor Services don't check client permissions properly High
CVE-2023-33265 was published for com.hazelcast:hazelcast (Maven) Jul 19, 2023
Jenkins Sumologic Publisher Plugin missing permission check Moderate
CVE-2023-37959 was published for org.jenkins-ci.plugins:sumologic-publisher (Maven) Jul 12, 2023
Jenkins Benchmark Evaluator Plugin missing permission check Moderate
CVE-2023-37963 was published for io.jenkins.plugins:benchmark-evaluator (Maven) Jul 12, 2023
Jenkins ElasticBox CI Plugin missing permission check Moderate
CVE-2023-37965 was published for org.jenkins-ci.plugins:elasticbox (Maven) Jul 12, 2023
Jenkins Datadog Plugin does not perform a permission check in an HTTP endpoint. Moderate
CVE-2023-37944 was published for org.datadog.jenkins.plugins:datadog (Maven) Jul 12, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission check Moderate
CVE-2023-37945 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) Jul 12, 2023
Jenkins Orka by MacStadium Plugin missing permission check Moderate
CVE-2023-37949 was published for io.jenkins.plugins:macstadium-orka (Maven) Jul 12, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database