Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,362
Erlang
33
GitHub Actions
22
Go
2,134
Maven
5,000+
npm
3,797
NuGet
687
pip
3,473
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

310 advisories

Loading
Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs Moderate
CVE-2023-24431 was published for io.jenkins.plugins:macstadium-orka (Maven) Jan 26, 2023
Missing permission checks in Jenkins Orka Plugin allow capturing credentials Moderate
CVE-2023-24433 was published for io.jenkins.plugins:macstadium-orka (Maven) Jan 26, 2023
Missing permission check in Jenkins TestQuality Updater Plugin Moderate
CVE-2023-24453 was published for org.jenkins-ci.plugins:testquality-updater (Maven) Jan 26, 2023
Missing permission checks in Jenkins GitHub Pull Request Builder Plugin Moderate
CVE-2023-24435 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
Missing permission check in Jenkins RabbitMQ Consumer Plugin Moderate
CVE-2023-24448 was published for org.jenkins-ci.plugins:rabbitmq-consumer (Maven) Jan 26, 2023
Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs Moderate
CVE-2023-24436 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
Missing permission check in Jenkins BearyChat Plugin Moderate
CVE-2023-24459 was published for org.jenkins-ci.plugins:bearychat (Maven) Jan 26, 2023
Flarum notifications can leak restricted content Moderate
CVE-2023-22488 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
PrestaShop has potential Information exposure in the upload directory Moderate
CVE-2022-46158 was published for prestashop/prestashop (Composer) Dec 8, 2022
Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore Moderate
CVE-2022-41929 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 21, 2022
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs Moderate
CVE-2022-45390 was published for io.loader:loaderio-jenkins-plugin (Maven) Nov 16, 2022
NotMyFault
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin Moderate
CVE-2022-45385 was published for org.jenkins-ci.plugins:dockerhub-notification (Maven) Nov 16, 2022
NotMyFault
Missing Authorization in Jenkins XP-Dev Plugin Moderate
CVE-2022-45389 was published for com.cloudbees.jenkins.plugins:xpdev (Maven) Nov 16, 2022
Missing permission check in Jenkins Delete log Plugin Moderate
CVE-2022-45394 was published for org.jenkins-ci.plugins:delete-log-plugin (Maven) Nov 16, 2022
NotMyFault
Jenkins Cluster Statistics Plugin Missing Authorization vulnerability Moderate
CVE-2022-45399 was published for org.zeroturnaround:cluster-stats (Maven) Nov 16, 2022
Apache Archiva subject to arbitrary directory deletion by users. Moderate
CVE-2022-40309 was published for org.apache.archiva:archiva-common (Maven) Nov 15, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint Moderate
CVE-2022-39340 was published for github.com/openfga/openfga (Go) Oct 25, 2022
Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value Moderate
CVE-2022-43421 was published for org.jenkins-ci.plugins:tuleap-git-branch-source (Maven) Oct 19, 2022
Jenkins Compuware Strobe Measurement Plugin Missing Authorization vulnerability Moderate
CVE-2022-43431 was published for com.compuware.jenkins:compuware-strobe-measurement (Maven) Oct 19, 2022
Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins Moderate
CVE-2022-43413 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) Oct 19, 2022
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials Moderate
CVE-2022-43417 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault
Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins Moderate
CVE-2022-43427 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
Moodle No groups filtering in H5P activity attempts report Moderate
CVE-2022-40316 was published for moodle/moodle (Composer) Oct 1, 2022
Liferay Portal Missing Authorization vulnerability Moderate
CVE-2022-39975 was published for com.liferay.portal:release.portal.bom (Maven) Sep 23, 2022
Jenkins Rundeck Plugin Missing Authorization vulnerability Moderate
CVE-2022-41233 was published for org.jenkins-ci.plugins:rundeck (Maven) Sep 22, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database