
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

413 advisories

Missing Authorization in HashiCorp Consul High
CVE-2022-3920 was published for github.com/hashicorp/consul (Go) Nov 16, 2022
Apache Archiva subject to arbitrary directory deletion by users. Moderate
CVE-2022-40309 was published for org.apache.archiva:archiva-common (Maven) Nov 15, 2022
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user High
CVE-2022-40308 was published for org.apache.archiva:archiva-common (Maven) Nov 15, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint Moderate
CVE-2022-39340 was published for github.com/openfga/openfga (Go) Oct 25, 2022
Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins Moderate
CVE-2022-43413 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) Oct 19, 2022
Jenkins Compuware Strobe Measurement Plugin Missing Authorization vulnerability Moderate
CVE-2022-43431 was published for com.compuware.jenkins:compuware-strobe-measurement (Maven) Oct 19, 2022
Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value Moderate
CVE-2022-43421 was published for org.jenkins-ci.plugins:tuleap-git-branch-source (Maven) Oct 19, 2022
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials Moderate
CVE-2022-43417 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault
Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins Moderate
CVE-2022-43427 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code Critical
CVE-2022-39222 was published for github.com/dexidp/dex (Go) Oct 3, 2022
joernchen bobcallaway
haydentherapper
Moodle No groups filtering in H5P activity attempts report Moderate
CVE-2022-40316 was published for moodle/moodle (Composer) Oct 1, 2022
HashiCorp Consul does not properly validate node or segment names prior to usage in JWT claim assertions High
CVE-2021-41803 was published for github.com/hashicorp/consul (Go) Sep 25, 2022
anonymous4ACL24
Liferay Portal Missing Authorization vulnerability Moderate
CVE-2022-39975 was published for com.liferay.portal:release.portal.bom (Maven) Sep 23, 2022
Jenkins extreme-feedback Plugin vulnerable to Missing Authorization Moderate
CVE-2022-41242 was published for org.jenkins-ci.plugins:extreme-feedback (Maven) Sep 22, 2022
Missing webhook endpoint authorization in Jenkins Rundeck Plugin Moderate
CVE-2022-41234 was published for org.jenkins-ci.plugins:rundeck (Maven) Sep 22, 2022
NotMyFault
Missing permission check in Jenkins build-publisher Plugin Moderate
CVE-2022-41230 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability and mM Moderate
CVE-2022-41246 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
Jenkins Rundeck Plugin Missing Authorization vulnerability Moderate
CVE-2022-41233 was published for org.jenkins-ci.plugins:rundeck (Maven) Sep 22, 2022
NotMyFault
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization Moderate
CVE-2022-41228 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Sep 22, 2022
NotMyFault
Lack of authentication mechanism in Jenkins DotCi Plugin webhook Moderate
CVE-2022-41238 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
Missing permission check in Jenkins SCM HttpClient Plugin allow capturing credentials Moderate
CVE-2022-41250 was published for com.meowlomo.jenkins:scm-httpclient (Maven) Sep 22, 2022
NotMyFault
Jenkins Apprenda Plugin has Missing Authorization vulnerability Moderate
CVE-2022-41251 was published for org.jenkins-ci.plugins:apprenda (Maven) Sep 22, 2022
Missing permission checks in Jenkins CONS3RT Plugin allow enumerating credentials IDs Moderate
CVE-2022-41252 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
Missing permission checks in Jenkins CONS3RT Plugin allow capturing credentials Moderate
CVE-2022-41254 was published for org.jenkins-ci.plugins:cons3rt (Maven) Sep 22, 2022
NotMyFault
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference High
CVE-2022-31167 was published for org.xwiki.platform:xwiki-platform-security (Maven) Sep 20, 2022