GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

320 advisories

Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins Moderate
CVE-2022-43427 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
Liferay Portal Missing Authorization vulnerability Moderate
CVE-2022-39975 was published for com.liferay.portal:release.portal.bom (Maven) Sep 23, 2022
Jenkins Rundeck Plugin Missing Authorization vulnerability Moderate
CVE-2022-41233 was published for org.jenkins-ci.plugins:rundeck (Maven) Sep 22, 2022
NotMyFault
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization Moderate
CVE-2022-41228 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Sep 22, 2022
NotMyFault
Lack of authentication mechanism in Jenkins DotCi Plugin webhook Moderate
CVE-2022-41238 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
Jenkins extreme-feedback Plugin vulnerable to Missing Authorization Moderate
CVE-2022-41242 was published for org.jenkins-ci.plugins:extreme-feedback (Maven) Sep 22, 2022
Missing webhook endpoint authorization in Jenkins Rundeck Plugin Moderate
CVE-2022-41234 was published for org.jenkins-ci.plugins:rundeck (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability and mM Moderate
CVE-2022-41246 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
Missing permission check in Jenkins build-publisher Plugin Moderate
CVE-2022-41230 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs Moderate
CVE-2022-41252 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials Moderate
CVE-2022-41254 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials Moderate
CVE-2022-41250 was published for com.meowlomo.jenkins:scm-httpclient (Maven) Sep 22, 2022
NotMyFault
Jenkins Apprenda Plugin has Missing Authorization vulnerability Moderate
CVE-2022-41251 was published for org.jenkins-ci.plugins:apprenda (Maven) Sep 22, 2022
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference High
CVE-2022-31167 was published for org.xwiki.platform:xwiki-platform-security (Maven) Sep 20, 2022
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor High
CVE-2022-36091 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Apache IoTDB grafana-connector contains an interface without authorization High
CVE-2022-38370 was published for org.apache.iotdb:iotdb-grafana-connector (Maven) Sep 6, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36883 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Jenkins HashiCorp Vault Plugin does not perform permission checks in several HTTP endpoints that perform Vault connection tests Moderate
CVE-2022-36888 was published for com.datapipe.jenkins.plugins:hashicorp-vault-plugin (Maven) Jul 28, 2022
NotMyFault
Lucene-Search Plugin does not perform permission checks in several HTTP endpoints Moderate
CVE-2022-36910 was published for org.jenkins-ci.plugins:lucene-search (Maven) Jul 28, 2022
Missing permission check in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36909 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
Missing permission checks in Jenkins openstack-heat Plugin Moderate
CVE-2022-36912 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
Jenkins Android Signing Plugin allows attackers to check whether attacker-specified file patterns match workspace contents Moderate
CVE-2022-36915 was published for org.jenkins-ci.plugins:android-signing (Maven) Jul 28, 2022
Missing permission check in Coverity Plugin allows capturing credentials High
CVE-2022-36921 was published for org.jenkins-ci.plugins:coverity (Maven) Jul 28, 2022
NotMyFault
Jenkins Google Cloud Backup Plugin allows attackers with Overall/Read permission to request a manual backup. Moderate
CVE-2022-36917 was published for org.jenkins-ci.plugins:google-cloud-backup (Maven) Jul 28, 2022
Jenkins Buckminster Plugin does not perform a permission check in a method implementing form validation Moderate
CVE-2022-36918 was published for org.jenkins-ci.plugins:buckminster (Maven) Jul 28, 2022