GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
299 advisories
Filter by severity
Ant Media Server vulnerable to a local privilege escalation
High
CVE-2024-32656
was published
for
io.antmedia:ant-media-server
(Maven)
Apr 22, 2024
XWiki Platform remote code execution from account through UIExtension parameters
Critical
CVE-2024-31997
was published
for
org.xwiki.platform:xwiki-platform-uiextension-api
(Maven)
Apr 10, 2024
XWiki Platform remote code execution from account via custom skins support
Critical
CVE-2024-31987
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Critical
CVE-2024-31983
was published
for
org.xwiki.platform:xwiki-platform-localization-source-wiki
(Maven)
Apr 10, 2024
XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
Critical
CVE-2024-31981
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Moderate
CVE-2024-31865
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
XWiki extension license information is public, exposing instance id and license holder details
Moderate
CVE-2024-26138
was published
for
com.xwiki.licensing:application-licensing-licensor-ui
(Maven)
Feb 21, 2024
Jenkins Nexus Platform Plugin missing permission check
High
CVE-2023-50767
was published
for
org.sonatype.nexus.ci:nexus-jenkins-plugin
(Maven)
Dec 13, 2023
Jenkins Nexus Platform Plugin missing permission check
Moderate
CVE-2023-50769
was published
for
org.sonatype.nexus.ci:nexus-jenkins-plugin
(Maven)
Dec 13, 2023
Missing permission check in Jenkins PaaSLane Estimate Plugin
Moderate
CVE-2023-50779
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
Missing permission check in Jenkins Scriptler Plugin
Moderate
CVE-2023-50765
was published
for
org.jenkins-ci.plugins:scriptler
(Maven)
Dec 13, 2023
Authorization bypass in Quarkus
High
CVE-2023-6394
was published
for
io.quarkus:quarkus-smallrye-graphql-client
(Maven)
Dec 9, 2023
Apache DolphinScheduler Missing Authorization vulnerability
Moderate
CVE-2023-49620
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Nov 30, 2023
Jenkins MATLAB Plugin missing permission checks
High
CVE-2023-49654
was published
for
org.jenkins-ci.plugins:matlab
(Maven)
Nov 29, 2023
Jenkins Google Compute Engine Plugin has incorrect permission checks
Moderate
CVE-2023-49652
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
Nov 29, 2023
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Moderate
CVE-2023-49674
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Nov 29, 2023
Authenticated Rundeck users can view or delete jobs they do not have authorization for.
High
CVE-2023-48222
was published
for
org.rundeck:rundeck
(Maven)
Nov 16, 2023
Authenticated users can view job names and groups they do not have authorization to view
Moderate
CVE-2023-47112
was published
for
org.rundeck:rundeckapp
(Maven)
Nov 16, 2023
H2O local file inclusion vulnerability
Critical
CVE-2023-6038
was published
for
ai.h2o:h2o-core
(Maven)
Nov 16, 2023
org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move
High
CVE-2023-37910
was published
for
org.xwiki.platform:xwiki-platform-attachment-api
(Maven)
Oct 25, 2023
Jenkins lambdatest-automation Plugin missing permission check
Moderate
CVE-2023-46652
was published
for
org.jenkins-ci.plugins:lambdatest-automation
(Maven)
Oct 25, 2023
Jenkins Build Failure Analyzer Plugin missing permission check
Moderate
CVE-2023-43501
was published
for
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
(Maven)
Sep 20, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs
Moderate
CVE-2023-41941
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin
Moderate
CVE-2023-41943
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Sep 6, 2023
Missing permission checks in Jenkins Frugal Testing Plugin
Moderate
CVE-2023-41947
was published
for
io.jenkins.plugins:frugal-testing
(Maven)
Sep 6, 2023
ProTip!
Advisories are also available from the
GraphQL API