Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

245 advisories

Loading
XWiki Platform document history including authors of any page exposed to unauthorized actors Moderate
CVE-2024-45591 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Sep 10, 2024
Xiqinger
Jenkins Subversion Partial Release Manager Plugin missing permission check Moderate
CVE-2024-28159 was published for org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) Mar 6, 2024
Jenkins docker-build-step Plugin missing permission check Moderate
CVE-2024-2216 was published for org.jenkins-ci.plugins:docker-build-step (Maven) Mar 6, 2024
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability Moderate
CVE-2024-42470 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p-
XWiki Platform vulnerable to document deletion and overwrite from edit Moderate
CVE-2024-37898 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jul 31, 2024
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin Moderate
CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jan 13, 2022
NotMyFault westonsteimel
secjoker
Missing permission check in Jenkins Kmap Plugin allow SSRF Moderate
CVE-2019-10293 was published for org.jenkins-ci.plugins:kmap-jenkins (Maven) May 13, 2022
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check Moderate
CVE-2023-49674 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Nov 29, 2023
secjoker
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges Moderate
CVE-2024-31865 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
XWiki extension license information is public, exposing instance id and license holder details Moderate
CVE-2024-26138 was published for com.xwiki.licensing:application-licensing-licensor-ui (Maven) Feb 21, 2024
Missing permission check in Jenkins Ansible Tower Plugin Moderate
CVE-2019-10312 was published for org.jenkins-ci.plugins:ansible-tower (Maven) May 24, 2022
Lack of authentication mechanism in Jenkins TurboScript Plugin webhook Moderate
CVE-2023-30532 was published for org.jenkinsci.plugins.spoonscript:spoonscript (Maven) Apr 12, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs Moderate
CVE-2023-41941 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin Moderate
CVE-2023-41943 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Missing permission check in Jenkins XL TestView Plugin Moderate
CVE-2019-10387 was published for com.xebialabs.xlt.ci:xltestview-plugin (Maven) May 24, 2022
Missing permission checks in Jenkins Frugal Testing Plugin Moderate
CVE-2023-41947 was published for io.jenkins.plugins:frugal-testing (Maven) Sep 6, 2023
CSRF vulnerability in Jenkins OpenShift Deployer Plugin Moderate
CVE-2019-1003081 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) May 13, 2022
Missing permission check in Jenkins sinatra-chef-builder Plugin Moderate
CVE-2019-1003087 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) May 13, 2022
Missing permission checks in Jenkins Proxmox Plugin Moderate
CVE-2022-28144 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
Missing permission check in Jenkins VMware Lab Manager Slaves Plugin Moderate
CVE-2019-1003079 was published for org.jenkins-ci.plugins:labmanager (Maven) May 13, 2022
Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks Moderate
CVE-2017-1000388 was published for org.jenkins-ci.plugins:depgraph-view (Maven) May 13, 2022
Missing permission check in Jenkins Audit to Database Plugin Moderate
CVE-2019-1003077 was published for org.jenkins-ci.plugins:audit2db (Maven) May 13, 2022
Missing permission check in Jenkins SOASTA CloudTest Plugin Moderate
CVE-2019-1003091 was published for com.soasta.jenkins:cloudtest (Maven) May 13, 2022
Missing permission check in Jenkins Favorite Plugin Moderate
CVE-2017-1000243 was published for org.jvnet.hudson.plugins:favorite (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database