Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,669
Erlang
34
GitHub Actions
26
Go
2,261
Maven
5,000+
npm
3,910
NuGet
704
pip
3,680
Pub
12
RubyGems
915
Rust
943
Swift
38
Unreviewed advisories
All unreviewed
5,000+

320 advisories

Loading
Jenkins AppSpider Plugin missing permission checks Moderate
CVE-2024-28155 was published for com.rapid7:jenkinsci-appspider-plugin (Maven) Mar 6, 2024
XWiki extension license information is public, exposing instance id and license holder details Moderate
CVE-2024-26138 was published for com.xwiki.licensing:application-licensing-licensor-ui (Maven) Feb 21, 2024
Missing permission check in Jenkins Scriptler Plugin Moderate
CVE-2023-50765 was published for org.jenkins-ci.plugins:scriptler (Maven) Dec 13, 2023
Jenkins Nexus Platform Plugin missing permission check Moderate
CVE-2023-50769 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Jenkins Nexus Platform Plugin missing permission check High
CVE-2023-50767 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Missing permission check in Jenkins PaaSLane Estimate Plugin Moderate
CVE-2023-50779 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Authorization bypass in Quarkus High
CVE-2023-6394 was published for io.quarkus:quarkus-smallrye-graphql-client (Maven) Dec 9, 2023
cescoffier
Apache DolphinScheduler Missing Authorization vulnerability Moderate
CVE-2023-49620 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Nov 30, 2023
Jenkins Google Compute Engine Plugin has incorrect permission checks Moderate
CVE-2023-49652 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Nov 29, 2023
Jenkins MATLAB Plugin missing permission checks High
CVE-2023-49654 was published for org.jenkins-ci.plugins:matlab (Maven) Nov 29, 2023
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check Moderate
CVE-2023-49674 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Nov 29, 2023
secjoker
Authenticated Rundeck users can view or delete jobs they do not have authorization for. High
CVE-2023-48222 was published for org.rundeck:rundeck (Maven) Nov 16, 2023
Authenticated users can view job names and groups they do not have authorization to view Moderate
CVE-2023-47112 was published for org.rundeck:rundeckapp (Maven) Nov 16, 2023
H2O local file inclusion vulnerability Critical
CVE-2023-6038 was published for ai.h2o:h2o-core (Maven) Nov 16, 2023
org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move High
CVE-2023-37910 was published for org.xwiki.platform:xwiki-platform-attachment-api (Maven) Oct 25, 2023
Jenkins lambdatest-automation Plugin missing permission check Moderate
CVE-2023-46652 was published for org.jenkins-ci.plugins:lambdatest-automation (Maven) Oct 25, 2023
Jenkins Build Failure Analyzer Plugin missing permission check Moderate
CVE-2023-43501 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) Sep 20, 2023
Disabled permissions granted by Jenkins Assembla Auth Plugin High
CVE-2023-41945 was published for org.jenkins-ci.plugins:assembla-auth (Maven) Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin Moderate
CVE-2023-41943 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs Moderate
CVE-2023-41941 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Missing permission checks in Jenkins Frugal Testing Plugin Moderate
CVE-2023-41947 was published for io.jenkins.plugins:frugal-testing (Maven) Sep 6, 2023
Velocity execution without script right through VelocityCode and VelocityWiki property Moderate
CVE-2023-41046 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 4, 2023
Jenkins Fortify Plugin missing permission check Moderate
CVE-2023-4302 was published for org.jenkins-ci.plugins:fortify (Maven) Aug 22, 2023
Jenkins Delphix Plugin missing permission check Moderate
CVE-2023-40344 was published for org.jenkins-ci.plugins:delphix (Maven) Aug 16, 2023
Missing authorization in Jenkins Plug-in for ServiceNow High
CVE-2023-3442 was published for io.jenkins.plugins:servicenow-devops (Maven) Jul 26, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database