GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin
High
CVE-2024-52554
was published
for
io.jenkins.plugins:shared-library-version-override
(Maven)
Nov 13, 2024
Ant Media Server vulnerable to a local privilege escalation
High
CVE-2024-32656
was published
for
io.antmedia:ant-media-server
(Maven)
Apr 22, 2024
Erroneous authentication pass in Spring Security
High
CVE-2024-22257
was published
for
org.springframework.security:spring-security-core
(Maven)
Mar 18, 2024
Jenkins Nexus Platform Plugin missing permission check
High
CVE-2023-50767
was published
for
org.sonatype.nexus.ci:nexus-jenkins-plugin
(Maven)
Dec 13, 2023
Authorization bypass in Quarkus
High
CVE-2023-6394
was published
for
io.quarkus:quarkus-smallrye-graphql-client
(Maven)
Dec 9, 2023
Jenkins MATLAB Plugin missing permission checks
High
CVE-2023-49654
was published
for
org.jenkins-ci.plugins:matlab
(Maven)
Nov 29, 2023
Authenticated Rundeck users can view or delete jobs they do not have authorization for.
High
CVE-2023-48222
was published
for
org.rundeck:rundeck
(Maven)
Nov 16, 2023
org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move
High
CVE-2023-37910
was published
for
org.xwiki.platform:xwiki-platform-attachment-api
(Maven)
Oct 25, 2023
Disabled permissions granted by Jenkins Assembla Auth Plugin
High
CVE-2023-41945
was published
for
org.jenkins-ci.plugins:assembla-auth
(Maven)
Sep 6, 2023
Missing authorization in Jenkins Plug-in for ServiceNow
High
CVE-2023-3442
was published
for
io.jenkins.plugins:servicenow-devops
(Maven)
Jul 26, 2023
Hazelcast Executor Services don't check client permissions properly
High
CVE-2023-33265
was published
for
com.hazelcast:hazelcast
(Maven)
Jul 19, 2023
Missing authorization in Liferay portal
High
CVE-2023-33948
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
Command injection in nevado-jms
High
CVE-2023-31826
was published
for
org.skyscreamer:nevado-jms
(Maven)
May 23, 2023
Apache James server's JMX management service vulnerable to privilege escalation by local user
High
CVE-2023-26269
was published
for
org.apache.james:javax-mail-extension
(Maven)
Apr 3, 2023
Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
High
CVE-2022-41930
was published
for
org.xwiki.platform:xwiki-platform-user-profile-ui
(Maven)
Nov 21, 2022
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
High
CVE-2022-40308
was published
for
org.apache.archiva:archiva-common
(Maven)
Nov 15, 2022
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
High
CVE-2022-31167
was published
for
org.xwiki.platform:xwiki-platform-security
(Maven)
Sep 20, 2022
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor
High
CVE-2022-36091
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
Apache IoTDB grafana-connector contains an interface without authorization
High
CVE-2022-38370
was published
for
org.apache.iotdb:iotdb-grafana-connector
(Maven)
Sep 6, 2022
Missing permission check in Coverity Plugin allows capturing credentials
High
CVE-2022-36921
was published
for
org.jenkins-ci.plugins:coverity
(Maven)
Jul 28, 2022
Missing Authorization in Jenkins Recipe Plugin
High
CVE-2022-34794
was published
for
org.jenkins-ci.plugins:recipe
(Maven)
Jul 1, 2022
Improper handling of untrusted branches in Gitea Jenkins Plugin
High
CVE-2019-10330
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
May 24, 2022
Missing permission checks in Jenkins Chaos Monkey Plugin
High
CVE-2020-2322
was published
for
io.jenkins.plugins:chaos-monkey
(Maven)
May 24, 2022
Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
High
CVE-2020-2234
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
May 24, 2022
Jenkins Team Concert Plugin missing permission check
High
CVE-2019-16566
was published
for
org.jenkins-ci.plugins:teamconcert
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API