GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,040
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
247 advisories
Filter by severity
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user
Moderate
CVE-2024-55876
was published
for
org.xwiki.platform:xwiki-platform-scheduler-ui
(Maven)
Dec 12, 2024
Missing permission check in Jenkins Script Security Plugin
Moderate
CVE-2024-52549
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
Nov 13, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors
Moderate
CVE-2024-45591
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Sep 10, 2024
Jenkins Subversion Partial Release Manager Plugin missing permission check
Moderate
CVE-2024-28159
was published
for
org.jenkins-ci.plugins:svn-partial-release-mgr
(Maven)
Mar 6, 2024
Jenkins docker-build-step Plugin missing permission check
Moderate
CVE-2024-2216
was published
for
org.jenkins-ci.plugins:docker-build-step
(Maven)
Mar 6, 2024
Jenkins does not perform a permission check in an HTTP endpoint
Moderate
CVE-2024-43045
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability
Moderate
CVE-2024-42470
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
XWiki Platform vulnerable to document deletion and overwrite from edit
Moderate
CVE-2024-37898
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jul 31, 2024
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
Missing permission check in Jenkins Kmap Plugin allow SSRF
Moderate
CVE-2019-10293
was published
for
org.jenkins-ci.plugins:kmap-jenkins
(Maven)
May 13, 2022
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Moderate
CVE-2023-49674
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Nov 29, 2023
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Moderate
CVE-2024-31865
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
XWiki extension license information is public, exposing instance id and license holder details
Moderate
CVE-2024-26138
was published
for
com.xwiki.licensing:application-licensing-licensor-ui
(Maven)
Feb 21, 2024
Missing permission check in Jenkins Ansible Tower Plugin
Moderate
CVE-2019-10312
was published
for
org.jenkins-ci.plugins:ansible-tower
(Maven)
May 24, 2022
Lack of authentication mechanism in Jenkins TurboScript Plugin webhook
Moderate
CVE-2023-30532
was published
for
org.jenkinsci.plugins.spoonscript:spoonscript
(Maven)
Apr 12, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs
Moderate
CVE-2023-41941
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin
Moderate
CVE-2023-41943
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Sep 6, 2023
Missing permission check in Jenkins XL TestView Plugin
Moderate
CVE-2019-10387
was published
for
com.xebialabs.xlt.ci:xltestview-plugin
(Maven)
May 24, 2022
Missing permission checks in Jenkins Frugal Testing Plugin
Moderate
CVE-2023-41947
was published
for
io.jenkins.plugins:frugal-testing
(Maven)
Sep 6, 2023
CSRF vulnerability in Jenkins OpenShift Deployer Plugin
Moderate
CVE-2019-1003081
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
May 13, 2022
Missing permission check in Jenkins sinatra-chef-builder Plugin
Moderate
CVE-2019-1003087
was published
for
org.jenkins-ci.plugins:sinatra-chef-builder
(Maven)
May 13, 2022
Missing permission checks in Jenkins Proxmox Plugin
Moderate
CVE-2022-28144
was published
for
org.jenkins-ci.plugins:proxmox
(Maven)
Mar 30, 2022
Missing permission check in Jenkins VMware Lab Manager Slaves Plugin
Moderate
CVE-2019-1003079
was published
for
org.jenkins-ci.plugins:labmanager
(Maven)
May 13, 2022
Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks
Moderate
CVE-2017-1000388
was published
for
org.jenkins-ci.plugins:depgraph-view
(Maven)
May 13, 2022
Missing permission check in Jenkins Audit to Database Plugin
Moderate
CVE-2019-1003077
was published
for
org.jenkins-ci.plugins:audit2db
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API