Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

305 advisories

Loading
Missing permission check in Jenkins TestQuality Updater Plugin Moderate
CVE-2023-24453 was published for org.jenkins-ci.plugins:testquality-updater (Maven) Jan 26, 2023
Missing permission check in Jenkins BearyChat Plugin Moderate
CVE-2023-24459 was published for org.jenkins-ci.plugins:bearychat (Maven) Jan 26, 2023
Flarum notifications can leak restricted content Moderate
CVE-2023-22488 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
PrestaShop has potential Information exposure in the upload directory Moderate
CVE-2022-46158 was published for prestashop/prestashop (Composer) Dec 8, 2022
Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore Moderate
CVE-2022-41929 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 21, 2022
Missing permission check in Jenkins Delete log Plugin Moderate
CVE-2022-45394 was published for org.jenkins-ci.plugins:delete-log-plugin (Maven) Nov 16, 2022
NotMyFault
Jenkins Cluster Statistics Plugin Missing Authorization vulnerability Moderate
CVE-2022-45399 was published for org.zeroturnaround:cluster-stats (Maven) Nov 16, 2022
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs Moderate
CVE-2022-45390 was published for io.loader:loaderio-jenkins-plugin (Maven) Nov 16, 2022
NotMyFault
Missing Authorization in Jenkins XP-Dev Plugin Moderate
CVE-2022-45389 was published for com.cloudbees.jenkins.plugins:xpdev (Maven) Nov 16, 2022
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin Moderate
CVE-2022-45385 was published for org.jenkins-ci.plugins:dockerhub-notification (Maven) Nov 16, 2022
NotMyFault
Apache Archiva subject to arbitrary directory deletion by users. Moderate
CVE-2022-40309 was published for org.apache.archiva:archiva-common (Maven) Nov 15, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint Moderate
CVE-2022-39340 was published for github.com/openfga/openfga (Go) Oct 25, 2022
Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins Moderate
CVE-2022-43413 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) Oct 19, 2022
Jenkins Compuware Strobe Measurement Plugin Missing Authorization vulnerability Moderate
CVE-2022-43431 was published for com.compuware.jenkins:compuware-strobe-measurement (Maven) Oct 19, 2022
Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value Moderate
CVE-2022-43421 was published for org.jenkins-ci.plugins:tuleap-git-branch-source (Maven) Oct 19, 2022
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials Moderate
CVE-2022-43417 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault
Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins Moderate
CVE-2022-43427 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
Moodle No groups filtering in H5P activity attempts report Moderate
CVE-2022-40316 was published for moodle/moodle (Composer) Oct 1, 2022
Liferay Portal Missing Authorization vulnerability Moderate
CVE-2022-39975 was published for com.liferay.portal:release.portal.bom (Maven) Sep 23, 2022
CSRF vulnerability and mM Moderate
CVE-2022-41246 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
Lack of authentication mechanism in Jenkins DotCi Plugin webhook Moderate
CVE-2022-41238 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
Jenkins Rundeck Plugin Missing Authorization vulnerability Moderate
CVE-2022-41233 was published for org.jenkins-ci.plugins:rundeck (Maven) Sep 22, 2022
NotMyFault
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization Moderate
CVE-2022-41228 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Sep 22, 2022
NotMyFault
Jenkins extreme-feedback Plugin vulnerable to Missing Authorization Moderate
CVE-2022-41242 was published for org.jenkins-ci.plugins:extreme-feedback (Maven) Sep 22, 2022
Missing webhook endpoint authorization in Jenkins Rundeck Plugin Moderate
CVE-2022-41234 was published for org.jenkins-ci.plugins:rundeck (Maven) Sep 22, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database