GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
312 advisories
Filter by severity
Jenkins mabl Plugin missing permission check
Moderate
CVE-2023-37950
was published
for
com.mabl.integration.jenkins:mabl-integration
(Maven)
Jul 12, 2023
Jenkins Orka by MacStadium Plugin missing permission check
Moderate
CVE-2023-37949
was published
for
io.jenkins.plugins:macstadium-orka
(Maven)
Jul 12, 2023
Jenkins mabl Plugin missing permission check
Moderate
CVE-2023-37953
was published
for
com.mabl.integration.jenkins:mabl-integration
(Maven)
Jul 12, 2023
Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation
Moderate
CVE-2023-3315
was published
for
org.jenkins-ci.plugins:teamconcert
(Maven)
Jun 19, 2023
Jenkins Digital.ai App Management Publisher Plugin missing permission checks
Moderate
CVE-2023-35149
was published
for
org.jenkins-ci.plugins:ease-plugin
(Maven)
Jun 14, 2023
Missing authorization in Liferay portal
High
CVE-2023-33948
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
Command injection in nevado-jms
High
CVE-2023-31826
was published
for
org.skyscreamer:nevado-jms
(Maven)
May 23, 2023
Jenkins Thycotic Secret Server Plugin missing permissions check
Moderate
CVE-2023-30518
was published
for
io.jenkins.plugins:thycotic-secret-server
(Maven)
Apr 12, 2023
Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication
Moderate
CVE-2023-30519
was published
for
org.jenkins-ci.plugins:quayio-trigger
(Maven)
Apr 12, 2023
Jenkins Report Portal Plugin missing permissions check
Moderate
CVE-2023-30526
was published
for
org.jenkins-ci.plugins:reportportal
(Maven)
Apr 12, 2023
Jenkins Fogbugz Plugin has missing permissions check
Moderate
CVE-2023-30522
was published
for
org.jenkins-ci.plugins:fogbugz
(Maven)
Apr 12, 2023
Jenkins Assembla merge request builder Plugin missing authentication to access endpoint
Moderate
CVE-2023-30521
was published
for
org.jenkins-ci.plugins:assembla-merge-request-builder
(Maven)
Apr 12, 2023
Lack of authentication mechanism in Jenkins TurboScript Plugin webhook
Moderate
CVE-2023-30532
was published
for
org.jenkinsci.plugins.spoonscript:spoonscript
(Maven)
Apr 12, 2023
Apache James server's JMX management service vulnerable to privilege escalation by local user
High
CVE-2023-26269
was published
for
org.apache.james:javax-mail-extension
(Maven)
Apr 3, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture
Moderate
CVE-2023-28672
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections
Moderate
CVE-2023-28675
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration
Moderate
CVE-2023-28673
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
Apiman vulnerable to permissions bypass due to missing check on API key URL
Moderate
CVE-2023-28640
was published
for
io.apiman:apiman-manager-api-rest-impl
(Maven)
Mar 27, 2023
Missing Authorization in Jenkins Azure Credentials Plugin
Moderate
CVE-2023-25766
was published
for
org.jenkins-ci.plugins:azure-credentials
(Maven)
Feb 15, 2023
Missing Authorization in Jenkins Azure Credentials Plugin
Moderate
CVE-2023-25768
was published
for
org.jenkins-ci.plugins:azure-credentials
(Maven)
Feb 15, 2023
Missing permission check in Jenkins RabbitMQ Consumer Plugin
Moderate
CVE-2023-24448
was published
for
org.jenkins-ci.plugins:rabbitmq-consumer
(Maven)
Jan 26, 2023
Missing permission check in Jenkins TestQuality Updater Plugin
Moderate
CVE-2023-24453
was published
for
org.jenkins-ci.plugins:testquality-updater
(Maven)
Jan 26, 2023
Missing permission checks in Jenkins GitHub Pull Request Builder Plugin
Moderate
CVE-2023-24435
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
Jan 26, 2023
Missing permissions check in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24438
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs
Moderate
CVE-2023-24436
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
Jan 26, 2023
ProTip!
Advisories are also available from the
GraphQL API