GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
247 advisories
Filter by severity
Jenkins Sumologic Publisher Plugin missing permission check
Moderate
CVE-2023-37959
was published
for
org.jenkins-ci.plugins:sumologic-publisher
(Maven)
Jul 12, 2023
Jenkins Benchmark Evaluator Plugin missing permission check
Moderate
CVE-2023-37963
was published
for
io.jenkins.plugins:benchmark-evaluator
(Maven)
Jul 12, 2023
Jenkins ElasticBox CI Plugin missing permission check
Moderate
CVE-2023-37965
was published
for
org.jenkins-ci.plugins:elasticbox
(Maven)
Jul 12, 2023
Jenkins mabl Plugin missing permission check
Moderate
CVE-2023-37953
was published
for
com.mabl.integration.jenkins:mabl-integration
(Maven)
Jul 12, 2023
Jenkins Test Results Aggregator Plugin missing permission check
Moderate
CVE-2023-37956
was published
for
org.jenkins-ci.plugins:test-results-aggregator
(Maven)
Jul 12, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission check
Moderate
CVE-2023-37945
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
Jul 12, 2023
Jenkins Datadog Plugin does not perform a permission check in an HTTP endpoint.
Moderate
CVE-2023-37944
was published
for
org.datadog.jenkins.plugins:datadog
(Maven)
Jul 12, 2023
Jenkins mabl Plugin missing permission check
Moderate
CVE-2023-37950
was published
for
com.mabl.integration.jenkins:mabl-integration
(Maven)
Jul 12, 2023
Jenkins Orka by MacStadium Plugin missing permission check
Moderate
CVE-2023-37949
was published
for
io.jenkins.plugins:macstadium-orka
(Maven)
Jul 12, 2023
Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation
Moderate
CVE-2023-3315
was published
for
org.jenkins-ci.plugins:teamconcert
(Maven)
Jun 19, 2023
Jenkins Digital.ai App Management Publisher Plugin missing permission checks
Moderate
CVE-2023-35149
was published
for
org.jenkins-ci.plugins:ease-plugin
(Maven)
Jun 14, 2023
Jenkins Thycotic Secret Server Plugin missing permissions check
Moderate
CVE-2023-30518
was published
for
io.jenkins.plugins:thycotic-secret-server
(Maven)
Apr 12, 2023
Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication
Moderate
CVE-2023-30519
was published
for
org.jenkins-ci.plugins:quayio-trigger
(Maven)
Apr 12, 2023
Jenkins Assembla merge request builder Plugin missing authentication to access endpoint
Moderate
CVE-2023-30521
was published
for
org.jenkins-ci.plugins:assembla-merge-request-builder
(Maven)
Apr 12, 2023
Jenkins Fogbugz Plugin has missing permissions check
Moderate
CVE-2023-30522
was published
for
org.jenkins-ci.plugins:fogbugz
(Maven)
Apr 12, 2023
Jenkins Report Portal Plugin missing permissions check
Moderate
CVE-2023-30526
was published
for
org.jenkins-ci.plugins:reportportal
(Maven)
Apr 12, 2023
Lack of authentication mechanism in Jenkins TurboScript Plugin webhook
Moderate
CVE-2023-30532
was published
for
org.jenkinsci.plugins.spoonscript:spoonscript
(Maven)
Apr 12, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections
Moderate
CVE-2023-28675
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration
Moderate
CVE-2023-28673
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture
Moderate
CVE-2023-28672
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
Apiman vulnerable to permissions bypass due to missing check on API key URL
Moderate
CVE-2023-28640
was published
for
io.apiman:apiman-manager-api-rest-impl
(Maven)
Mar 27, 2023
Missing Authorization in Jenkins Azure Credentials Plugin
Moderate
CVE-2023-25768
was published
for
org.jenkins-ci.plugins:azure-credentials
(Maven)
Feb 15, 2023
Missing Authorization in Jenkins Azure Credentials Plugin
Moderate
CVE-2023-25766
was published
for
org.jenkins-ci.plugins:azure-credentials
(Maven)
Feb 15, 2023
Missing permission checks in Jenkins Orka Plugin allow capturing credentials
Moderate
CVE-2023-24433
was published
for
io.jenkins.plugins:macstadium-orka
(Maven)
Jan 26, 2023
Missing permissions check in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24438
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
ProTip!
Advisories are also available from the
GraphQL API