GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+
307 advisories
Filter by severity
XWiki Platform document history including authors of any page exposed to unauthorized actors
Moderate
CVE-2024-45591
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Sep 10, 2024
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Critical
CVE-2024-37901
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Jul 31, 2024
Jenkins Subversion Partial Release Manager Plugin missing permission check
Moderate
CVE-2024-28159
was published
for
org.jenkins-ci.plugins:svn-partial-release-mgr
(Maven)
Mar 6, 2024
Jenkins docker-build-step Plugin missing permission check
Moderate
CVE-2024-2216
was published
for
org.jenkins-ci.plugins:docker-build-step
(Maven)
Mar 6, 2024
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
Critical
CVE-2024-43401
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Aug 19, 2024
Jenkins does not perform a permission check in an HTTP endpoint
Moderate
CVE-2024-43045
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability
Moderate
CVE-2024-42470
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
Authorization bypass in Quarkus
High
CVE-2023-6394
was published
for
io.quarkus:quarkus-smallrye-graphql-client
(Maven)
Dec 9, 2023
XWiki Platform vulnerable to document deletion and overwrite from edit
Moderate
CVE-2024-37898
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jul 31, 2024
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
Missing permission check in Jenkins Kmap Plugin allow SSRF
Moderate
CVE-2019-10293
was published
for
org.jenkins-ci.plugins:kmap-jenkins
(Maven)
May 13, 2022
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Moderate
CVE-2023-49674
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Nov 29, 2023
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Moderate
CVE-2024-31865
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Ant Media Server vulnerable to a local privilege escalation
High
CVE-2024-32656
was published
for
io.antmedia:ant-media-server
(Maven)
Apr 22, 2024
XWiki Platform remote code execution from account through UIExtension parameters
Critical
CVE-2024-31997
was published
for
org.xwiki.platform:xwiki-platform-uiextension-api
(Maven)
Apr 10, 2024
H2O local file inclusion vulnerability
Critical
CVE-2023-6038
was published
for
ai.h2o:h2o-core
(Maven)
Nov 16, 2023
XWiki Platform remote code execution from account via custom skins support
Critical
CVE-2024-31987
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
XWiki Platform: Remote code execution from edit in multilingual wikis via translations
Critical
CVE-2024-31983
was published
for
org.xwiki.platform:xwiki-platform-localization-source-wiki
(Maven)
Apr 10, 2024
XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
Critical
CVE-2024-31981
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 10, 2024
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21685
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
XWiki extension license information is public, exposing instance id and license holder details
Moderate
CVE-2024-26138
was published
for
com.xwiki.licensing:application-licensing-licensor-ui
(Maven)
Feb 21, 2024
Missing permission check in Jenkins Ansible Tower Plugin
Moderate
CVE-2019-10312
was published
for
org.jenkins-ci.plugins:ansible-tower
(Maven)
May 24, 2022
Lack of authentication mechanism in Jenkins TurboScript Plugin webhook
Moderate
CVE-2023-30532
was published
for
org.jenkinsci.plugins.spoonscript:spoonscript
(Maven)
Apr 12, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin allows enumerating credentials IDs
Moderate
CVE-2023-41941
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Sep 6, 2023
Missing permission check in Jenkins AWS CodeCommit Trigger Plugin
Moderate
CVE-2023-41943
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Sep 6, 2023
ProTip!
Advisories are also available from the
GraphQL API