GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+
307 advisories
Filter by severity
Missing authorization in Liferay portal
High
CVE-2023-33948
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
Command injection in nevado-jms
High
CVE-2023-31826
was published
for
org.skyscreamer:nevado-jms
(Maven)
May 23, 2023
Jenkins Thycotic Secret Server Plugin missing permissions check
Moderate
CVE-2023-30518
was published
for
io.jenkins.plugins:thycotic-secret-server
(Maven)
Apr 12, 2023
Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication
Moderate
CVE-2023-30519
was published
for
org.jenkins-ci.plugins:quayio-trigger
(Maven)
Apr 12, 2023
Jenkins Report Portal Plugin missing permissions check
Moderate
CVE-2023-30526
was published
for
org.jenkins-ci.plugins:reportportal
(Maven)
Apr 12, 2023
Jenkins Fogbugz Plugin has missing permissions check
Moderate
CVE-2023-30522
was published
for
org.jenkins-ci.plugins:fogbugz
(Maven)
Apr 12, 2023
Jenkins Assembla merge request builder Plugin missing authentication to access endpoint
Moderate
CVE-2023-30521
was published
for
org.jenkins-ci.plugins:assembla-merge-request-builder
(Maven)
Apr 12, 2023
Lack of authentication mechanism in Jenkins TurboScript Plugin webhook
Moderate
CVE-2023-30532
was published
for
org.jenkinsci.plugins.spoonscript:spoonscript
(Maven)
Apr 12, 2023
Apache James server's JMX management service vulnerable to privilege escalation by local user
High
CVE-2023-26269
was published
for
org.apache.james:javax-mail-extension
(Maven)
Apr 3, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections
Moderate
CVE-2023-28675
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration
Moderate
CVE-2023-28673
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture
Moderate
CVE-2023-28672
was published
for
org.jenkinsci.plugins:octoperf
(Maven)
Apr 2, 2023
Apiman vulnerable to permissions bypass due to missing check on API key URL
Moderate
CVE-2023-28640
was published
for
io.apiman:apiman-manager-api-rest-impl
(Maven)
Mar 27, 2023
Missing Authorization in Jenkins Azure Credentials Plugin
Moderate
CVE-2023-25768
was published
for
org.jenkins-ci.plugins:azure-credentials
(Maven)
Feb 15, 2023
Missing Authorization in Jenkins Azure Credentials Plugin
Moderate
CVE-2023-25766
was published
for
org.jenkins-ci.plugins:azure-credentials
(Maven)
Feb 15, 2023
Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs
Moderate
CVE-2023-24431
was published
for
io.jenkins.plugins:macstadium-orka
(Maven)
Jan 26, 2023
Cisco Spark Notifier Jenkins Plugin contains Missing Authorization
Moderate
CVE-2023-24451
was published
for
org.jenkins-ci.plugins:cisco-spark-notifier-plugin
(Maven)
Jan 26, 2023
Missing permission checks in Jenkins Orka Plugin allow capturing credentials
Moderate
CVE-2023-24433
was published
for
io.jenkins.plugins:macstadium-orka
(Maven)
Jan 26, 2023
Missing permission check in Jenkins TestQuality Updater Plugin
Moderate
CVE-2023-24453
was published
for
org.jenkins-ci.plugins:testquality-updater
(Maven)
Jan 26, 2023
Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs
Moderate
CVE-2023-24436
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
Jan 26, 2023
Missing permission checks in Jenkins GitHub Pull Request Builder Plugin
Moderate
CVE-2023-24435
was published
for
org.jenkins-ci.plugins:ghprb
(Maven)
Jan 26, 2023
Missing permission check in Jenkins RabbitMQ Consumer Plugin
Moderate
CVE-2023-24448
was published
for
org.jenkins-ci.plugins:rabbitmq-consumer
(Maven)
Jan 26, 2023
Missing permissions check in Jenkins JIRA Pipeline Steps Plugin
Moderate
CVE-2023-24438
was published
for
org.jenkins-ci.plugins:jira-steps
(Maven)
Jan 26, 2023
Missing permission check in Jenkins BearyChat Plugin
Moderate
CVE-2023-24459
was published
for
org.jenkins-ci.plugins:bearychat
(Maven)
Jan 26, 2023
Missing Authorization in Filter Stream Converter Application of XWiki-platform
Critical
CVE-2022-41937
was published
for
org.xwiki.platform:xwiki-platform-filter-ui
(Maven)
Nov 21, 2022
ProTip!
Advisories are also available from the
GraphQL API