GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
67 advisories
Filter by severity
Jenkins item creation restriction bypass vulnerability
Moderate
CVE-2024-47804
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Oct 2, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Moderate
CVE-2024-44076
was published
for
io.github.microcks:microcks-app
(Maven)
Aug 19, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
Moderate
CVE-2024-27309
was published
for
org.apache.kafka:kafka-metadata
(Maven)
Apr 12, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints
Moderate
CVE-2024-29834
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Apr 2, 2024
Elasticsearch Incorrect Authorization vulnerability
Moderate
CVE-2024-23451
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 27, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management
Moderate
CVE-2024-28098
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Mar 12, 2024
OpenNMS privilege escalation vulnerability
Moderate
CVE-2023-40315
was published
for
org.opennms:opennms-webapp-rest
(Maven)
Aug 17, 2023
Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials
Moderate
CVE-2023-39154
was published
for
com.qualys.plugins:qualys-was
(Maven)
Jul 26, 2023
Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs
Moderate
CVE-2023-32261
was published
for
org.jenkins-ci.plugins:dimensionsscm
(Maven)
Jul 19, 2023
Apache Pulsar Function Worker Incorrect Authorization vulnerability
Moderate
CVE-2023-37579
was published
for
org.apache.pulsar:pulsar-functions-worker
(Maven)
Jul 12, 2023
OpenSearch issue with fine-grained access control during extremely rare race conditions
Moderate
CVE-2023-31141
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
May 9, 2023
OpenSearch has issue with fine-grained access control of indices backing data streams
Moderate
CVE-2022-41918
was published
for
org.opensearch.plugin:opensearch-security
(Maven)
Mar 7, 2023
xwiki contains Incorrect Authorization
Moderate
CVE-2023-26056
was published
for
org.xwiki.platform:xwiki-platform-rendering-macro-context
(Maven)
Mar 3, 2023
Missing Authorization in Jenkins Azure Credentials Plugin
Moderate
CVE-2023-25768
was published
for
org.jenkins-ci.plugins:azure-credentials
(Maven)
Feb 15, 2023
Keycloak has lack of validation of access token on client registrations endpoint
Moderate
CVE-2023-0091
was published
for
org.keycloak:keycloak-core
(Maven)
Jan 12, 2023
Incorrect permission checks in Jenkins Support Core Plugin
Moderate
CVE-2022-45383
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Nov 16, 2022
Missing permission check in Jenkins build-publisher Plugin
Moderate
CVE-2022-41230
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
Sep 22, 2022
XMLUI's metadata of withdrawn Items is exposed to anonymous users
Moderate
CVE-2022-31190
was published
for
org.dspace:dspace-xmlui
(Maven)
Aug 6, 2022
UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance()
Moderate
CVE-2022-31139
was published
for
io.github.karlatemp:unsafe-accessor
(Maven)
Jul 12, 2022
Incorrect Authorization in Jenkins Request Rename Or Delete Plugin
Moderate
CVE-2022-34814
was published
for
org.jenkins-ci.plugins:rrod
(Maven)
Jul 1, 2022
Incorrect Authorization in Jenkins requests-plugin
Moderate
CVE-2022-34782
was published
for
org.jenkins-ci.plugins:requests
(Maven)
Jul 1, 2022
NT auth module vulnerability in OpenAM
Moderate
CVE-2022-34298
was published
for
org.openidentityplatform.openam:openam-core
(Maven)
Jun 24, 2022
Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement
Moderate
CVE-2022-34180
was published
for
org.jenkins-ci.plugins:embeddable-build-status
(Maven)
Jun 24, 2022
Incorrect Authorization in MySQL Connector Java
Moderate
CVE-2021-2471
was published
for
mysql:mysql-connector-java
(Maven)
May 24, 2022
Improper permission checks allow canceling queue items and aborting builds in Jenkins
Moderate
CVE-2021-21670
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API