GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
312 advisories
Filter by severity
Cisco Spark Notifier Jenkins Plugin contains Missing Authorization
Moderate
CVE-2023-24451
was published
for
org.jenkins-ci.plugins:cisco-spark-notifier-plugin
(Maven)
Jan 26, 2023
Missing permission check in Jenkins RabbitMQ Consumer Plugin
Moderate
CVE-2023-24448
was published
for
org.jenkins-ci.plugins:rabbitmq-consumer
(Maven)
Jan 26, 2023
Missing permission check in Jenkins TestQuality Updater Plugin
Moderate
CVE-2023-24453
was published
for
org.jenkins-ci.plugins:testquality-updater
(Maven)
Jan 26, 2023
Missing permission check in Jenkins BearyChat Plugin
Moderate
CVE-2023-24459
was published
for
org.jenkins-ci.plugins:bearychat
(Maven)
Jan 26, 2023
Missing Authorization in Filter Stream Converter Application of XWiki-platform
Critical
CVE-2022-41937
was published
for
org.xwiki.platform:xwiki-platform-filter-ui
(Maven)
Nov 21, 2022
Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
High
CVE-2022-41930
was published
for
org.xwiki.platform:xwiki-platform-user-profile-ui
(Maven)
Nov 21, 2022
Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
Moderate
CVE-2022-41929
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Nov 21, 2022
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin
Moderate
CVE-2022-45385
was published
for
org.jenkins-ci.plugins:dockerhub-notification
(Maven)
Nov 16, 2022
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs
Moderate
CVE-2022-45390
was published
for
io.loader:loaderio-jenkins-plugin
(Maven)
Nov 16, 2022
Missing permission check in Jenkins Delete log Plugin
Moderate
CVE-2022-45394
was published
for
org.jenkins-ci.plugins:delete-log-plugin
(Maven)
Nov 16, 2022
Jenkins Cluster Statistics Plugin Missing Authorization vulnerability
Moderate
CVE-2022-45399
was published
for
org.zeroturnaround:cluster-stats
(Maven)
Nov 16, 2022
Missing Authorization in Jenkins XP-Dev Plugin
Moderate
CVE-2022-45389
was published
for
com.cloudbees.jenkins.plugins:xpdev
(Maven)
Nov 16, 2022
Apache Archiva subject to arbitrary directory deletion by users.
Moderate
CVE-2022-40309
was published
for
org.apache.archiva:archiva-common
(Maven)
Nov 15, 2022
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
High
CVE-2022-40308
was published
for
org.apache.archiva:archiva-common
(Maven)
Nov 15, 2022
Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins
Moderate
CVE-2022-43413
was published
for
org.jenkins-ci.plugins:job-import-plugin
(Maven)
Oct 19, 2022
Jenkins Compuware Strobe Measurement Plugin Missing Authorization vulnerability
Moderate
CVE-2022-43431
was published
for
com.compuware.jenkins:compuware-strobe-measurement
(Maven)
Oct 19, 2022
Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value
Moderate
CVE-2022-43421
was published
for
org.jenkins-ci.plugins:tuleap-git-branch-source
(Maven)
Oct 19, 2022
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials
Moderate
CVE-2022-43417
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins
Moderate
CVE-2022-43427
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
Liferay Portal Missing Authorization vulnerability
Moderate
CVE-2022-39975
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Sep 23, 2022
CSRF vulnerability and mM
Moderate
CVE-2022-41246
was published
for
org.jenkins-ci.plugins:ws-execution-manager
(Maven)
Sep 22, 2022
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization
Moderate
CVE-2022-41228
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Sep 22, 2022
Jenkins Rundeck Plugin Missing Authorization vulnerability
Moderate
CVE-2022-41233
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
Sep 22, 2022
Missing webhook endpoint authorization in Jenkins Rundeck Plugin
Moderate
CVE-2022-41234
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
Sep 22, 2022
Missing permission check in Jenkins build-publisher Plugin
Moderate
CVE-2022-41230
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
Sep 22, 2022
ProTip!
Advisories are also available from the
GraphQL API