
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

247 advisories

XWiki's scheduler in subwiki allows scheduling operations for any main wiki user Moderate
CVE-2024-55876 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) Dec 12, 2024
Missing permission check in Jenkins Script Security Plugin Moderate
CVE-2024-52549 was published for org.jenkins-ci.plugins:script-security (Maven) Nov 13, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors Moderate
CVE-2024-45591 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Sep 10, 2024
Xiqinger
Jenkins Subversion Partial Release Manager Plugin missing permission check Moderate
CVE-2024-28159 was published for org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) Mar 6, 2024
Jenkins docker-build-step Plugin missing permission check Moderate
CVE-2024-2216 was published for org.jenkins-ci.plugins:docker-build-step (Maven) Mar 6, 2024
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability Moderate
CVE-2024-42470 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p-
XWiki Platform vulnerable to document deletion and overwrite from edit Moderate
CVE-2024-37898 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jul 31, 2024
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin Moderate
CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jan 13, 2022
NotMyFault westonsteimel
secjoker
Missing permission check in Jenkins Kmap Plugin allow SSRF Moderate
CVE-2019-10293 was published for org.jenkins-ci.plugins:kmap-jenkins (Maven) May 13, 2022
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check Moderate
CVE-2023-49674 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Nov 29, 2023
secjoker
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges Moderate
CVE-2024-31865 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
XWiki extension license information is public, exposing instance id and license holder details Moderate
CVE-2024-26138 was published for com.xwiki.licensing:application-licensing-licensor-ui (Maven) Feb 21, 2024
Missing permission check in Jenkins Ansible Tower Plugin Moderate
CVE-2019-10312 was published for org.jenkins-ci.plugins:ansible-tower (Maven) May 24, 2022
Lack of authentication mechanism in Jenkins TurboScript Plugin webhook Moderate
CVE-2023-30532 was published for org.jenkinsci.plugins.spoonscript:spoonscript (Maven) Apr 12, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs Moderate
CVE-2023-41941 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin Moderate
CVE-2023-41943 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Sep 6, 2023
Missing permission check in Jenkins XL TestView Plugin Moderate
CVE-2019-10387 was published for com.xebialabs.xlt.ci:xltestview-plugin (Maven) May 24, 2022
Missing permission checks in Jenkins Frugal Testing Plugin Moderate
CVE-2023-41947 was published for io.jenkins.plugins:frugal-testing (Maven) Sep 6, 2023
CSRF vulnerability in Jenkins OpenShift Deployer Plugin Moderate
CVE-2019-1003081 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) May 13, 2022
Missing permission check in Jenkins sinatra-chef-builder Plugin Moderate
CVE-2019-1003087 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) May 13, 2022
Missing permission checks in Jenkins Proxmox Plugin Moderate
CVE-2022-28144 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
Missing permission check in Jenkins VMware Lab Manager Slaves Plugin Moderate
CVE-2019-1003079 was published for org.jenkins-ci.plugins:labmanager (Maven) May 13, 2022
Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks Moderate
CVE-2017-1000388 was published for org.jenkins-ci.plugins:depgraph-view (Maven) May 13, 2022
Missing permission check in Jenkins Audit to Database Plugin Moderate
CVE-2019-1003077 was published for org.jenkins-ci.plugins:audit2db (Maven) May 13, 2022