GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
247 advisories
Filter by severity
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user
Moderate
CVE-2024-55876
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Dec 12, 2024
Missing permission check in Jenkins Script Security Plugin
Moderate
CVE-2024-52549
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 13, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors
Moderate
CVE-2024-45591
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Sep 10, 2024
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability
Moderate
CVE-2024-42470
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
Jenkins does not perform a permission check in an HTTP endpoint
Moderate
CVE-2024-43045
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
XWiki Platform vulnerable to document deletion and overwrite from edit
Moderate
CVE-2024-37898
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jul 31, 2024
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Moderate
CVE-2024-31865
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Jenkins docker-build-step Plugin missing permission check
Moderate
CVE-2024-2216
was published
for
org.jenkins-ci.plugins:docker-build-step
(Maven)
Mar 6, 2024
Jenkins Subversion Partial Release Manager Plugin missing permission check
Moderate
CVE-2024-28159
was published
for
org.jenkins-ci.plugins:svn-partial-release-mgr
(Maven)
Mar 6, 2024
XWiki extension license information is public, exposing instance id and license holder details
Moderate
CVE-2024-26138
was published
for
com.xwiki.licensing:application-licensing-licensor-ui
(Maven)
Feb 21, 2024
Missing permission check in Jenkins Scriptler Plugin
Moderate
CVE-2023-50765
was published
for
org.jenkins-ci.plugins:scriptler
(Maven)
Dec 13, 2023
Missing permission check in Jenkins PaaSLane Estimate Plugin
Moderate
CVE-2023-50779
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
Jenkins Nexus Platform Plugin missing permission check
Moderate
CVE-2023-50769
was published
for
org.sonatype.nexus.ci:nexus-jenkins-plugin
(Maven)
Dec 13, 2023
Apache DolphinScheduler Missing Authorization vulnerability
Moderate
CVE-2023-49620
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Nov 30, 2023
Jenkins Google Compute Engine Plugin has incorrect permission checks
Moderate
CVE-2023-49652
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
Nov 29, 2023
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Moderate
CVE-2023-49674
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Nov 29, 2023
Authenticated users can view job names and groups they do not have authorization to view
Moderate
CVE-2023-47112
was published
for
org.rundeck:rundeckapp
(Maven)
Nov 16, 2023
Jenkins lambdatest-automation Plugin missing permission check
Moderate
CVE-2023-46652
was published
for
org.jenkins-ci.plugins:lambdatest-automation
(Maven)
Oct 25, 2023
Jenkins Build Failure Analyzer Plugin missing permission check
Moderate
CVE-2023-43501
was published
for
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
(Maven)
Sep 20, 2023
Missing permission checks in Jenkins Frugal Testing Plugin
Moderate
CVE-2023-41947
was published
for
io.jenkins.plugins:frugal-testing
(Maven)
Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin
Moderate
CVE-2023-41943
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs
Moderate
CVE-2023-41941
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Sep 6, 2023
Velocity execution without script right through VelocityCode and VelocityWiki property
Moderate
CVE-2023-41046
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 4, 2023
Jenkins Fortify Plugin missing permission check
Moderate
CVE-2023-4302
was published
for
org.jenkins-ci.plugins:fortify
(Maven)
Aug 22, 2023
Jenkins Delphix Plugin missing permission check
Moderate
CVE-2023-40344
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Aug 16, 2023
ProTip!
Advisories are also available from the
GraphQL API