Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

312 advisories

Loading
Apache DolphinScheduler Missing Authorization vulnerability Moderate
CVE-2023-49620 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Nov 30, 2023
Jenkins MATLAB Plugin missing permission checks High
CVE-2023-49654 was published for org.jenkins-ci.plugins:matlab (Maven) Nov 29, 2023
Jenkins Google Compute Engine Plugin has incorrect permission checks Moderate
CVE-2023-49652 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Nov 29, 2023
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check Moderate
CVE-2023-49674 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Nov 29, 2023
secjoker
Authenticated Rundeck users can view or delete jobs they do not have authorization for. High
CVE-2023-48222 was published for org.rundeck:rundeck (Maven) Nov 16, 2023
Authenticated users can view job names and groups they do not have authorization to view Moderate
CVE-2023-47112 was published for org.rundeck:rundeckapp (Maven) Nov 16, 2023
H2O local file inclusion vulnerability Critical
CVE-2023-6038 was published for ai.h2o:h2o-core (Maven) Nov 16, 2023
org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move High
CVE-2023-37910 was published for org.xwiki.platform:xwiki-platform-attachment-api (Maven) Oct 25, 2023
Jenkins lambdatest-automation Plugin missing permission check Moderate
CVE-2023-46652 was published for org.jenkins-ci.plugins:lambdatest-automation (Maven) Oct 25, 2023
Jenkins Build Failure Analyzer Plugin missing permission check Moderate
CVE-2023-43501 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) Sep 20, 2023
Disabled permissions granted by Jenkins Assembla Auth Plugin High
CVE-2023-41945 was published for org.jenkins-ci.plugins:assembla-auth (Maven) Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin Moderate
CVE-2023-41943 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs Moderate
CVE-2023-41941 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Missing permission checks in Jenkins Frugal Testing Plugin Moderate
CVE-2023-41947 was published for io.jenkins.plugins:frugal-testing (Maven) Sep 6, 2023
Velocity execution without script right through VelocityCode and VelocityWiki property Moderate
CVE-2023-41046 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 4, 2023
Jenkins Fortify Plugin missing permission check Moderate
CVE-2023-4302 was published for org.jenkins-ci.plugins:fortify (Maven) Aug 22, 2023
Jenkins Delphix Plugin missing permission check Moderate
CVE-2023-40344 was published for org.jenkins-ci.plugins:delphix (Maven) Aug 16, 2023
Missing authorization in Jenkins Plug-in for ServiceNow High
CVE-2023-3442 was published for io.jenkins.plugins:servicenow-devops (Maven) Jul 26, 2023
Hazelcast Executor Services don't check client permissions properly High
CVE-2023-33265 was published for com.hazelcast:hazelcast (Maven) Jul 19, 2023
Jenkins Sumologic Publisher Plugin missing permission check Moderate
CVE-2023-37959 was published for org.jenkins-ci.plugins:sumologic-publisher (Maven) Jul 12, 2023
Jenkins Benchmark Evaluator Plugin missing permission check Moderate
CVE-2023-37963 was published for io.jenkins.plugins:benchmark-evaluator (Maven) Jul 12, 2023
Jenkins ElasticBox CI Plugin missing permission check Moderate
CVE-2023-37965 was published for org.jenkins-ci.plugins:elasticbox (Maven) Jul 12, 2023
Jenkins Test Results Aggregator Plugin missing permission check Moderate
CVE-2023-37956 was published for org.jenkins-ci.plugins:test-results-aggregator (Maven) Jul 12, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission check Moderate
CVE-2023-37945 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) Jul 12, 2023
Jenkins Datadog Plugin does not perform a permission check in an HTTP endpoint. Moderate
CVE-2023-37944 was published for org.datadog.jenkins.plugins:datadog (Maven) Jul 12, 2023
ProTip! Advisories are also available from the GraphQL API