GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
312 advisories
Apache DolphinScheduler Missing Authorization vulnerability
Severity: Moderate. CVE-2023-49620 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven), Nov 30, 2023

Jenkins MATLAB Plugin missing permission checks
Severity: High. CVE-2023-49654 was published for org.jenkins-ci.plugins:matlab (Maven), Nov 29, 2023

Jenkins Google Compute Engine Plugin has incorrect permission checks
Severity: Moderate. CVE-2023-49652 was published for org.jenkins-ci.plugins:google-compute-engine (Maven), Nov 29, 2023

Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Severity: Moderate. CVE-2023-49674 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven), Nov 29, 2023

Authenticated Rundeck users can view or delete jobs they do not have authorization for.
Severity: High. CVE-2023-48222 was published for org.rundeck:rundeck (Maven), Nov 16, 2023

Authenticated users can view job names and groups they do not have authorization to view
Severity: Moderate. CVE-2023-47112 was published for org.rundeck:rundeckapp (Maven), Nov 16, 2023

H2O local file inclusion vulnerability
Severity: Critical. CVE-2023-6038 was published for ai.h2o:h2o-core (Maven), Nov 16, 2023

org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move
Severity: High. CVE-2023-37910 was published for org.xwiki.platform:xwiki-platform-attachment-api (Maven), Oct 25, 2023

Jenkins lambdatest-automation Plugin missing permission check
Severity: Moderate. CVE-2023-46652 was published for org.jenkins-ci.plugins:lambdatest-automation (Maven), Oct 25, 2023

Jenkins Build Failure Analyzer Plugin missing permission check
Severity: Moderate. CVE-2023-43501 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven), Sep 20, 2023

Disabled permissions granted by Jenkins Assembla Auth Plugin
Severity: High. CVE-2023-41945 was published for org.jenkins-ci.plugins:assembla-auth (Maven), Sep 6, 2023

Missing permission check in Jenkins AWS CodeCommit Trigger Plugin
Severity: Moderate. CVE-2023-41943 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven), Sep 6, 2023

Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs
Severity: Moderate. CVE-2023-41941 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven), Sep 6, 2023

Missing permission checks in Jenkins Frugal Testing Plugin
Severity: Moderate. CVE-2023-41947 was published for io.jenkins.plugins:frugal-testing (Maven), Sep 6, 2023

Velocity execution without script right through VelocityCode and VelocityWiki property
Severity: Moderate. CVE-2023-41046 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven), Sep 4, 2023

Jenkins Fortify Plugin missing permission check
Severity: Moderate. CVE-2023-4302 was published for org.jenkins-ci.plugins:fortify (Maven), Aug 22, 2023

Jenkins Delphix Plugin missing permission check
Severity: Moderate. CVE-2023-40344 was published for org.jenkins-ci.plugins:delphix (Maven), Aug 16, 2023

Missing authorization in Jenkins Plug-in for ServiceNow
Severity: High. CVE-2023-3442 was published for io.jenkins.plugins:servicenow-devops (Maven), Jul 26, 2023

Hazelcast Executor Services don't check client permissions properly
Severity: High. CVE-2023-33265 was published for com.hazelcast:hazelcast (Maven), Jul 19, 2023

Jenkins Sumologic Publisher Plugin missing permission check
Severity: Moderate. CVE-2023-37959 was published for org.jenkins-ci.plugins:sumologic-publisher (Maven), Jul 12, 2023

Jenkins Benchmark Evaluator Plugin missing permission check
Severity: Moderate. CVE-2023-37963 was published for io.jenkins.plugins:benchmark-evaluator (Maven), Jul 12, 2023

Jenkins ElasticBox CI Plugin missing permission check
Severity: Moderate. CVE-2023-37965 was published for org.jenkins-ci.plugins:elasticbox (Maven), Jul 12, 2023

Jenkins Test Results Aggregator Plugin missing permission check
Severity: Moderate. CVE-2023-37956 was published for org.jenkins-ci.plugins:test-results-aggregator (Maven), Jul 12, 2023

Jenkins SAML Single Sign On(SSO) Plugin missing permission check
Severity: Moderate. CVE-2023-37945 was published for io.jenkins.plugins:miniorange-saml-sp (Maven), Jul 12, 2023

Jenkins Datadog Plugin does not perform a permission check in an HTTP endpoint.
Severity: Moderate. CVE-2023-37944 was published for org.datadog.jenkins.plugins:datadog (Maven), Jul 12, 2023