GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
306 advisories
Filter by severity
Missing permission check in Jenkins TestQuality Updater Plugin
Moderate
CVE-2023-24453
was published
for
org.jenkins-ci.plugins:testquality-updater
(Maven)
Jan 26, 2023
Missing permission check in Jenkins RabbitMQ Consumer Plugin
Moderate
CVE-2023-24448
was published
for
org.jenkins-ci.plugins:rabbitmq-consumer
(Maven)
Jan 26, 2023
Missing permission check in Jenkins BearyChat Plugin
Moderate
CVE-2023-24459
was published
for
org.jenkins-ci.plugins:bearychat
(Maven)
Jan 26, 2023
Flarum notifications can leak restricted content
Moderate
CVE-2023-22488
was published
for
flarum/core
(Composer)
Jan 10, 2023
PrestaShop has potential Information exposure in the upload directory
Moderate
CVE-2022-46158
was published
for
prestashop/prestashop
(Composer)
Dec 8, 2022
Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore
Moderate
CVE-2022-41929
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Nov 21, 2022
Missing permission check in Jenkins Delete log Plugin
Moderate
CVE-2022-45394
was published
for
org.jenkins-ci.plugins:delete-log-plugin
(Maven)
Nov 16, 2022
Jenkins Cluster Statistics Plugin Missing Authorization vulnerability
Moderate
CVE-2022-45399
was published
for
org.zeroturnaround:cluster-stats
(Maven)
Nov 16, 2022
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs
Moderate
CVE-2022-45390
was published
for
io.loader:loaderio-jenkins-plugin
(Maven)
Nov 16, 2022
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin
Moderate
CVE-2022-45385
was published
for
org.jenkins-ci.plugins:dockerhub-notification
(Maven)
Nov 16, 2022
Missing Authorization in Jenkins XP-Dev Plugin
Moderate
CVE-2022-45389
was published
for
com.cloudbees.jenkins.plugins:xpdev
(Maven)
Nov 16, 2022
Apache Archiva subject to arbitrary directory deletion by users.
Moderate
CVE-2022-40309
was published
for
org.apache.archiva:archiva-common
(Maven)
Nov 15, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
Moderate
CVE-2022-39340
was published
for
github.com/openfga/openfga
(Go)
Oct 25, 2022
Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value
Moderate
CVE-2022-43421
was published
for
org.jenkins-ci.plugins:tuleap-git-branch-source
(Maven)
Oct 19, 2022
Jenkins Compuware Strobe Measurement Plugin Missing Authorization vulnerability
Moderate
CVE-2022-43431
was published
for
com.compuware.jenkins:compuware-strobe-measurement
(Maven)
Oct 19, 2022
Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins
Moderate
CVE-2022-43413
was published
for
org.jenkins-ci.plugins:job-import-plugin
(Maven)
Oct 19, 2022
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials
Moderate
CVE-2022-43417
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins
Moderate
CVE-2022-43427
was published
for
com.compuware.jenkins:compuware-topaz-for-total-test
(Maven)
Oct 19, 2022
Moodle No groups filtering in H5P activity attempts report
Moderate
CVE-2022-40316
was published
for
moodle/moodle
(Composer)
Oct 1, 2022
Liferay Portal Missing Authorization vulnerability
Moderate
CVE-2022-39975
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Sep 23, 2022
CSRF vulnerability and mM
Moderate
CVE-2022-41246
was published
for
org.jenkins-ci.plugins:ws-execution-manager
(Maven)
Sep 22, 2022
Jenkins Rundeck Plugin Missing Authorization vulnerability
Moderate
CVE-2022-41233
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
Sep 22, 2022
Jenkins extreme-feedback Plugin vulnerable to Missing Authorization
Moderate
CVE-2022-41242
was published
for
org.jenkins-ci.plugins:extreme-feedback
(Maven)
Sep 22, 2022
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization
Moderate
CVE-2022-41228
was published
for
io.jenkins.plugins:cavisson-ns-nd-integration
(Maven)
Sep 22, 2022
Missing webhook endpoint authorization in Jenkins Rundeck Plugin
Moderate
CVE-2022-41234
was published
for
org.jenkins-ci.plugins:rundeck
(Maven)
Sep 22, 2022
ProTip!
Advisories are also available from the
GraphQL API