GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
247 advisories
Filter by severity
Moderate severity vulnerability that affects org.apache.ranger:ranger
Moderate
CVE-2017-7677
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
Moderate
CVE-2018-1314
was published
for
org.apache.hive:hive-jdbc
(Maven)
Nov 21, 2018
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25211
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
Missing permission checks in Jenkins Publish Over FTP Plugin
Moderate
CVE-2022-29051
was published
for
org.jenkins-ci.plugins:publish-over-ftp
(Maven)
Apr 13, 2022
Missing permission check in Jenkins SSH Plugin
Moderate
CVE-2022-30957
was published
for
org.jenkins-ci.plugins:ssh
(Maven)
May 18, 2022
Missing Authorization in Jenkins
Moderate
CVE-2017-1000400
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Missing Authorization in Crafter CMS
Moderate
CVE-2017-15680
was published
for
org.craftercms:crafter-core
(Maven)
May 24, 2022
Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization
Moderate
CVE-2022-25193
was published
for
io.jenkins.plugins:embotics-vcommander
(Maven)
Feb 16, 2022
Missing Authorization in Jenkins WMI Windows Agents plugin
Moderate
CVE-2022-30951
was published
for
org.jenkins-ci.plugins:windows-slaves
(Maven)
May 18, 2022
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs
Moderate
CVE-2022-34779
was published
for
com.xebialabs.ci:xlrelease-plugin
(Maven)
Jul 1, 2022
Missing Authorization in Jenkins XPath Configuration Viewer Plugin
Moderate
CVE-2022-34811
was published
for
org.jenkins-ci.plugins:xpath-config-viewer
(Maven)
Jul 1, 2022
CSRF vulnerability and mM
Moderate
CVE-2022-41246
was published
for
org.jenkins-ci.plugins:ws-execution-manager
(Maven)
Sep 22, 2022
Missing Authorization in Jenkins Deployment Dashboard Plugin
Moderate
CVE-2022-34798
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Missing permission check in Jenkins OpenShift Deployer Plugin
Moderate
CVE-2022-36907
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
Jul 28, 2022
Missing permission checks in MongoDB Plugin
Moderate
CVE-2020-2267
was published
for
org.jenkins-ci.plugins:mongodb
(Maven)
May 24, 2022
Missing permission check in Perfecto Plugin
Moderate
CVE-2020-2260
was published
for
io.jenkins.plugins:perfecto
(Maven)
May 24, 2022
Missing permission check in Jenkins OpenShift Deployer Plugin
Moderate
CVE-2022-36909
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
Jul 28, 2022
Missing permission checks in Jenkins openstack-heat Plugin
Moderate
CVE-2022-36912
was published
for
org.jenkins-ci.plugins:openstack-heat
(Maven)
Jul 28, 2022
Missing Authorization in Jenkins Blue Ocean Plugin
Moderate
CVE-2017-1000105
was published
for
io.jenkins.blueocean:blueocean
(Maven)
May 13, 2022
Missing permission check in Jenkins Convertigo Mobile Platform Plugin
Moderate
CVE-2022-34201
was published
for
com.convertigo.jenkins.plugins:convertigo-mobile-platform
(Maven)
Jun 24, 2022
Missing permission check in Jenkins vRealize Orchestrator Plugin
Moderate
CVE-2022-34212
was published
for
org.jenkins-ci.plugins:vmware-vrealize-orchestrator
(Maven)
Jun 24, 2022
Lack of authentication mechanism in Jenkins DotCi Plugin webhook
Moderate
CVE-2022-41238
was published
for
com.groupon.jenkins-ci.plugins:DotCi
(Maven)
Sep 22, 2022
Jenkins Google Compute Engine Plugin Missing Authorization vulnerability
Moderate
CVE-2019-16547
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
May 24, 2022
Jenkins Rundeck Plugin Missing Authorization vulnerability
Moderate
CVE-2022-41233
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
Sep 22, 2022
Missing permission check in Jenkins ThreadFix Plugin
Moderate
CVE-2022-34210
was published
for
org.jenkins-ci.plugins:threadfix
(Maven)
Jun 24, 2022
ProTip!
Advisories are also available from the
GraphQL API