GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Jenkins Ansible Tower Plugin missing permission check
High
CVE-2019-10311
was published
for
org.jenkins-ci.plugins:ansible-tower
(Maven)
May 24, 2022
Jenkins GitLab Plugin missing permission checks
High
CVE-2019-10301
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
May 24, 2022
Regular expression denial of service in Apache ShenYu
High
CVE-2022-26650
was published
for
org.apache.shenyu:shenyu
(Maven)
May 18, 2022
Missing Authorization in Jenkins SSH plugin
High
CVE-2022-30959
was published
for
org.jenkins-ci.plugins:ssh
(Maven)
May 18, 2022
Apache Sentry may allow attacker to access/remove data from Sentry protected table
High
CVE-2018-8028
was published
for
org.apache.sentry:sentry
(Maven)
May 13, 2022
Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings
High
CVE-2017-1000086
was published
for
org.jenkins-ci.plugins:periodicbackup
(Maven)
May 13, 2022
Jenkins Groovy Plugin sandbox bypass vulnerability
High
CVE-2019-1003006
was published
for
org.jenkins-ci.plugins:groovy
(Maven)
May 13, 2022
Missing Authorization in Apache ZooKeeper
High
CVE-2018-8012
was published
for
org.apache.zookeeper:zookeeper
(Maven)
May 13, 2022
CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials
High
CVE-2022-27211
was published
for
org.jenkins-ci.plugins:kubernetes-cd
(Maven)
Mar 16, 2022
Missing permission check in Jenkins SCP publisher Plugin
High
CVE-2022-25199
was published
for
org.jenkins-ci.plugins:scp
(Maven)
Feb 16, 2022
Missing Authorization in Jenkins dbCharts Plugin
High
CVE-2022-25206
was published
for
org.jenkins-ci.plugins:dbCharts
(Maven)
Feb 16, 2022
Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE
High
CVE-2022-25208
was published
for
org.jenkins-ci.plugins:sinatra-chef-builder
(Maven)
Feb 16, 2022
Missing authentication in ShenYu
High
CVE-2022-23945
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Incorrect Authorization in Apache Ozone
High
CVE-2021-39232
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
High
CVE-2021-39236
was published
for
org.apache.hadoop:hadoop-ozone-ozone-manager
(Maven)
Nov 23, 2021
Improper Authorization in Google OAuth Client
High
CVE-2020-7692
was published
for
com.google.oauth-client:google-oauth-client
(Maven)
Sep 28, 2021
Unauthenticated Access Via OAI-PMH
High
CVE-2020-5228
was published
for
org.opencastproject:opencast-oaipmh-api
(Maven)
Jan 30, 2020
Undertow Missing Authorization when requesting a protected directory without trailing slash
High
CVE-2019-10184
was published
for
io.undertow:undertow-servlet
(Maven)
Aug 1, 2019
ProTip!
Advisories are also available from the
GraphQL API