GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
67 advisories
Filter by severity
Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs
Moderate
CVE-2023-32261
was published
for
org.jenkins-ci.plugins:dimensionsscm
(Maven)
Jul 19, 2023
OpenNMS privilege escalation vulnerability
Moderate
CVE-2023-40315
was published
for
org.opennms:opennms-webapp-rest
(Maven)
Aug 17, 2023
Jenkins item creation restriction bypass vulnerability
Moderate
CVE-2024-47804
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Moderate
CVE-2024-44076
was published
for
io.github.microcks:microcks-app
(Maven)
Aug 19, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Moderate
CVE-2024-27309
was published
for
org.apache.kafka:kafka-metadata
(Maven)
Apr 12, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Moderate
CVE-2024-29834
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Apr 2, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Moderate
CVE-2024-28098
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Mar 12, 2024
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-23451
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes
Moderate
CVE-2018-1000114
was published
for
org.jenkins-ci.plugins:promoted-builds
(Maven)
May 13, 2022
Improper authorization vulnerability in Jenkins Mesos Plugin
Moderate
CVE-2018-1000420
was published
for
org.jenkins-ci.plugins:mesos
(Maven)
May 13, 2022
Incorrect permission checks in Jenkins Support Core Plugin
Moderate
CVE-2022-45383
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Nov 16, 2022
Missing Authorization in Jenkins Azure Credentials Plugin
Moderate
CVE-2023-25768
was published
for
org.jenkins-ci.plugins:azure-credentials
(Maven)
Feb 15, 2023
Memory usage graphs accessible to anyone with Overall/Read
Moderate
CVE-2020-2104
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Incorrect Authorization in Jenkins
Moderate
CVE-2018-1999003
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins
Moderate
CVE-2018-1999004
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials
Moderate
CVE-2021-21664
was published
for
com.xebialabs.deployit.ci:deployit-plugin
(Maven)
May 24, 2022
Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs
Moderate
CVE-2018-1000109
was published
for
org.jenkins-ci.plugins:google-play-android-publisher
(Maven)
May 13, 2022
Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items
Moderate
CVE-2021-21624
was published
for
org.jenkins-ci.plugins:role-strategy
(Maven)
May 24, 2022
Incorrect Authorization in Jenkins Mercurial Plugin
Moderate
CVE-2018-1000112
was published
for
org.jenkins-ci.plugins:mercurial
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins Gerrit Trigger Plugin
Moderate
CVE-2018-1000106
was published
for
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins Gerrit Trigger Plugin
Moderate
CVE-2018-1000105
was published
for
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
(Maven)
May 13, 2022
Jenkins Jira Plugin Incorrect Authorization vulnerability
Moderate
CVE-2018-1000412
was published
for
org.jenkins-ci.plugins:jira
(Maven)
May 13, 2022
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items
Moderate
CVE-2021-21623
was published
for
org.jenkins-ci.plugins:matrix-auth
(Maven)
May 24, 2022
Missing permission check for paths with specific prefix in Jenkins
Moderate
CVE-2021-21609
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Missing permission checks in Mac Plugin
Moderate
CVE-2020-2148
was published
for
fr.edf.jenkins.plugins:mac
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API