GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,035
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
247 advisories
Filter by severity
Moderate severity vulnerability that affects org.apache.ranger:ranger
Moderate
CVE-2017-7677
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
Moderate
CVE-2018-1314
was published
for
org.apache.hive:hive-jdbc
(Maven)
Nov 21, 2018
Access control bypass in Apache ZooKeeper
Moderate
CVE-2019-0201
was published
for
org.apache.zookeeper:zookeeper
(Maven)
May 29, 2019
Missing Authorization in Jenkins Kubernetes CLI Plugin
Moderate
CVE-2021-21661
was published
for
org.jenkins-ci.plugins:kubernetes-cli
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins S3 publisher Plugin
Moderate
CVE-2021-21650
was published
for
org.jenkins-ci.plugins:s3
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins S3 publisher Plugin
Moderate
CVE-2021-21651
was published
for
org.jenkins-ci.plugins:s3
(Maven)
Jun 16, 2021
Missing Authorization in jenkins xray-connector
Moderate
CVE-2021-21653
was published
for
org.jenkins-ci.plugins:xray-connector
(Maven)
Jun 16, 2021
Missing Authorization in Jenkins P4 plugin
Moderate
CVE-2021-21654
was published
for
org.jenkins-ci.plugins:p4
(Maven)
Jun 16, 2021
Exposure of sensitive information in Elasticsearch
Moderate
CVE-2021-22147
was published
for
org.elasticsearch:elasticsearch
(Maven)
Sep 20, 2021
Missing permission check in Jenkins Publish Over SSH Plugin
Moderate
CVE-2022-23112
was published
for
org.jenkins-ci.plugins:publish-over-ssh
(Maven)
Jan 13, 2022
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs
Moderate
CVE-2022-20620
was published
for
org.jenkins-ci.plugins:ssh-agent
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Moderate
CVE-2022-20618
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin
Moderate
CVE-2022-20614
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
Missing authorization in xwiki-platform
Moderate
CVE-2022-23617
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Feb 9, 2022
Missing authorization in xwiki-platform
Moderate
CVE-2022-23621
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Feb 9, 2022
Improper Access Control in infinispan-server-runtime
Moderate
CVE-2020-25711
was published
for
org.infinispan:infinispan-core
(Maven)
Feb 9, 2022
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25211
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
Missing permission checks in Jenkins Checkmarx Plugin allow capturing credentials
Moderate
CVE-2022-25201
was published
for
com.checkmarx.jenkins:checkmarx
(Maven)
Feb 16, 2022
Missing permission check in Jenkins autonomiq Plugin
Moderate
CVE-2022-25195
was published
for
io.jenkins.plugins:autonomiq
(Maven)
Feb 16, 2022
Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization
Moderate
CVE-2022-25193
was published
for
io.jenkins.plugins:embotics-vcommander
(Maven)
Feb 16, 2022
Missing permission check in Jenkins Conjur Secrets Plugin allows enumerating credentials IDs
Moderate
CVE-2022-25190
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Feb 16, 2022
Missing permission checks in Jenkins Release Helper Plugin
Moderate
CVE-2022-27215
was published
for
org.jenkins-ci.plugins:release-helper
(Maven)
Mar 16, 2022
Missing permission checks in Jenkins kubernetes-cd Plugin allow enumerating credentials IDs
Moderate
CVE-2022-27209
was published
for
org.jenkins-ci.plugins:kubernetes-cd
(Maven)
Mar 16, 2022
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
Moderate
CVE-2022-27205
was published
for
org.jenkins-ci.plugins:extended-choice-parameter
(Maven)
Mar 16, 2022
ProTip!
Advisories are also available from the
GraphQL API