GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+
299 advisories
Filter by severity
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin
Moderate
CVE-2023-41943
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Sep 6, 2023
Missing permission checks in Jenkins Frugal Testing Plugin
Moderate
CVE-2023-41947
was published
for
io.jenkins.plugins:frugal-testing
(Maven)
Sep 6, 2023
Velocity execution without script right through VelocityCode and VelocityWiki property
Moderate
CVE-2023-41046
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 4, 2023
Jenkins Fortify Plugin missing permission check
Moderate
CVE-2023-4302
was published
for
org.jenkins-ci.plugins:fortify
(Maven)
Aug 22, 2023
Jenkins Delphix Plugin missing permission check
Moderate
CVE-2023-40344
was published
for
org.jenkins-ci.plugins:delphix
(Maven)
Aug 16, 2023
When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible
Moderate
CVE-2023-40027
was published
for
@keystone-6/core
(npm)
Aug 15, 2023
Mattermost fails to check if user is a guest before performing actions on public playbooks
Moderate
CVE-2023-4106
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Nomad Search API Leaks Information About CSI Plugins
Moderate
CVE-2023-3300
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Nomad ACL Policies without Label are Applied to Unexpected Resources
Moderate
CVE-2023-3072
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Jenkins Benchmark Evaluator Plugin missing permission check
Moderate
CVE-2023-37963
was published
for
io.jenkins.plugins:benchmark-evaluator
(Maven)
Jul 12, 2023
Jenkins ElasticBox CI Plugin missing permission check
Moderate
CVE-2023-37965
was published
for
org.jenkins-ci.plugins:elasticbox
(Maven)
Jul 12, 2023
Jenkins Sumologic Publisher Plugin missing permission check
Moderate
CVE-2023-37959
was published
for
org.jenkins-ci.plugins:sumologic-publisher
(Maven)
Jul 12, 2023
Jenkins mabl Plugin missing permission check
Moderate
CVE-2023-37953
was published
for
com.mabl.integration.jenkins:mabl-integration
(Maven)
Jul 12, 2023
Jenkins Datadog Plugin does not perform a permission check in an HTTP endpoint.
Moderate
CVE-2023-37944
was published
for
org.datadog.jenkins.plugins:datadog
(Maven)
Jul 12, 2023
Jenkins Test Results Aggregator Plugin missing permission check
Moderate
CVE-2023-37956
was published
for
org.jenkins-ci.plugins:test-results-aggregator
(Maven)
Jul 12, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission check
Moderate
CVE-2023-37945
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
Jul 12, 2023
Jenkins mabl Plugin missing permission check
Moderate
CVE-2023-37950
was published
for
com.mabl.integration.jenkins:mabl-integration
(Maven)
Jul 12, 2023
Jenkins Orka by MacStadium Plugin missing permission check
Moderate
CVE-2023-37949
was published
for
io.jenkins.plugins:macstadium-orka
(Maven)
Jul 12, 2023
Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation
Moderate
CVE-2023-3315
was published
for
org.jenkins-ci.plugins:teamconcert
(Maven)
Jun 19, 2023
Mattermost Server Missing Authorization vulnerability
Moderate
CVE-2023-2783
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Jun 16, 2023
Jenkins Digital.ai App Management Publisher Plugin missing permission checks
Moderate
CVE-2023-35149
was published
for
org.jenkins-ci.plugins:ease-plugin
(Maven)
Jun 14, 2023
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning
Moderate
CVE-2023-34234
was published
for
@openzeppelin/contracts
(npm)
Jun 8, 2023
Duplicate Advisory: Grafana Improper Access Control vulnerability
Moderate
GHSA-wm7r-3qxj-5xgq
was published
for
github.com/grafana/grafana
(Go)
Jun 6, 2023
•
withdrawn
Missing permission check of canView in GridFieldPrintButton
Moderate
CVE-2023-22728
was published
for
silverstripe/framework
(Composer)
Apr 26, 2023
matrix-js-sdk vulnerable to invisible eavesdropping in group calls
Moderate
CVE-2023-29529
was published
for
matrix-js-sdk
(npm)
Apr 14, 2023
ProTip!
Advisories are also available from the
GraphQL API