GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
Restarting a run with revoked script approval allowed by Jenkins Pipeline: Declarative Plugin
High
CVE-2024-52551
was published
for
org.jenkinsci.plugins:pipeline-model-parent
(Maven)
Nov 13, 2024
Improper Preservation of Permissions in xxl-job
High
CVE-2024-42681
was published
for
com.xuxueli:xxl-job-core
(Maven)
Aug 15, 2024
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Low
CVE-2024-5967
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Jun 21, 2024
Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials
Low
GHSA-gmrm-8fx4-66x7
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 18, 2024
•
withdrawn
Jenkins temporary plugin file created with insecure permissions
High
CVE-2023-43496
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Jenkins AppSpider Plugin missing permission check
Moderate
CVE-2023-32999
was published
for
com.rapid7:jenkinsci-appspider-plugin
(Maven)
May 16, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
Moderate
CVE-2023-32996
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
PowerJob vulnerable to Insecure Permissions
Moderate
CVE-2023-29923
was published
for
tech.powerjob:powerjob
(Maven)
Apr 19, 2023
CSRF vulnerability in Jenkins Coverity Plugin allow capturing credentials
Moderate
CVE-2023-23848
was published
for
org.jenkins-ci.plugins:synopsys-coverity
(Maven)
Feb 15, 2023
Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions
Moderate
CVE-2023-23850
was published
for
org.jenkins-ci.plugins:synopsys-coverity
(Maven)
Feb 15, 2023
Duplicate Advisory: Apiman has insufficient checks for read permissions
High
GHSA-54r5-wr8x-x5v3
was published
for
io.apiman:apiman-manager-api-rest-impl
(Maven)
Dec 20, 2022
•
withdrawn
Incorrect permission checks in Jenkins Support Core Plugin
Moderate
CVE-2022-45383
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Nov 16, 2022
Incorrect Default Permissions in Liferay Portal
Moderate
CVE-2022-42127
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Incorrect Default Permissions in Liferay Portal
Moderate
CVE-2022-42128
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Incorrect Default Permissions in Liferay Portal
Moderate
CVE-2022-42130
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Incorrect Default Permissions in JetBrains Kotlin
Moderate
CVE-2020-29582
was published
for
org.jetbrains.kotlin:kotlin-stdlib
(Maven)
May 24, 2022
Improper permission checks in Jenkins Copy Artifact Plugin
Moderate
CVE-2020-2183
was published
for
org.jenkins-ci.plugins:copyartifact
(Maven)
May 24, 2022
Jenkins WebSphere Deployer Plugin missing permission check
Moderate
CVE-2019-16559
was published
for
org.jenkins-ci.plugins:websphere-deployer
(Maven)
May 24, 2022
Missing permission check in Jenkins Build Failure Analyzer Plugin
Moderate
CVE-2019-16554
was published
for
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
(Maven)
May 24, 2022
Missing permission check in Jenkins Gerrit Trigger Plugin
Moderate
CVE-2019-16552
was published
for
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
(Maven)
May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions
Moderate
CVE-2019-10472
was published
for
org.jenkins-ci.plugins:libvirt-slave
(Maven)
May 24, 2022
Jenkins Global Post Script Plugin missing permission check
Moderate
CVE-2019-10474
was published
for
org.jenkins-ci.plugins:global-post-script
(Maven)
May 24, 2022
Jenkins Dynatrace Plugin contains Incorrect Default Permissions
Moderate
CVE-2019-10463
was published
for
org.jenkins-ci.plugins:dynatrace-dashboard
(Maven)
May 24, 2022
Jenkins Deploy WebLogic Plugin missing permission check
Moderate
CVE-2019-10465
was published
for
org.jenkins-ci.plugins:weblogic-deployer-plugin
(Maven)
May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration
Moderate
CVE-2019-10470
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API