Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

36 advisories

Loading
Incorrect Default Permissions in Apache JSPWiki Critical
CVE-2021-44140 was published for org.apache.jspwiki:jspwiki-main (Maven) Nov 29, 2021
Incorrect Default Permissions in Apache DolphinScheduler High
CVE-2020-13922 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Feb 9, 2022
Incorrect Default Permissions in Apache Tomcat High
CVE-2020-8022 was published for org.apache.tomcat:tomcat (Maven) Feb 9, 2022 withdrawn
westonsteimel
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF Moderate
CVE-2022-27205 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
Missing permission checks in AWS Credentials Plugin Moderate
CVE-2022-27199 was published for org.jenkins-ci.plugins:aws-credentials (Maven) Mar 16, 2022
Apache Tomcat may be started without proper security settings High
CVE-2002-0493 was published for org.apache.tomcat:tomcat (Maven) Apr 30, 2022
Incorrect Default Permissions in Apache Commons FileUpload Low
CVE-2013-0248 was published for commons-fileupload:commons-fileupload (Maven) May 5, 2022
Jenkins Build Step Plugin fails to check Item/Build permission Moderate
CVE-2017-1000089 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) May 13, 2022
Parameterized Trigger Plugin fails to check Item/Build permission Moderate
CVE-2017-1000084 was published for org.jenkins-ci.plugins:parameterized-trigger (Maven) May 13, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization Moderate
CVE-2019-10469 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Jenkins Dynatrace Plugin contains Incorrect Default Permissions Moderate
CVE-2019-10463 was published for org.jenkins-ci.plugins:dynatrace-dashboard (Maven) May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration Moderate
CVE-2019-10470 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration Moderate
CVE-2019-10473 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
Jenkins Deploy WebLogic Plugin missing permission check Moderate
CVE-2019-10465 was published for org.jenkins-ci.plugins:weblogic-deployer-plugin (Maven) May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions Moderate
CVE-2019-10472 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
Jenkins Global Post Script Plugin missing permission check Moderate
CVE-2019-10474 was published for org.jenkins-ci.plugins:global-post-script (Maven) May 24, 2022
Missing permission check in Jenkins Gerrit Trigger Plugin Moderate
CVE-2019-16552 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) May 24, 2022
Missing permission check in Jenkins Build Failure Analyzer Plugin Moderate
CVE-2019-16554 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) May 24, 2022
Jenkins WebSphere Deployer Plugin missing permission check Moderate
CVE-2019-16559 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
Improper permission checks in Jenkins Copy Artifact Plugin Moderate
CVE-2020-2183 was published for org.jenkins-ci.plugins:copyartifact (Maven) May 24, 2022
NotMyFault
Incorrect Default Permissions in JetBrains Kotlin Moderate
CVE-2020-29582 was published for org.jetbrains.kotlin:kotlin-stdlib (Maven) May 24, 2022
Incorrect Default Permissions in Liferay Portal Moderate
CVE-2022-42130 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Incorrect Default Permissions in Liferay Portal Moderate
CVE-2022-42127 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Incorrect Default Permissions in Liferay Portal Moderate
CVE-2022-42128 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Incorrect permission checks in Jenkins Support Core Plugin Moderate
CVE-2022-45383 was published for org.jenkins-ci.plugins:support-core (Maven) Nov 16, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API