GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
159 advisories
Apache Ranger allows users to bypass intended access restrictions via the REST API
  Moderate | CVE-2015-5167 was published for org.apache.ranger:ranger (Maven) | May 17, 2022
Incorrect Authorization in Jenkins Core
  Moderate | CVE-2016-3722 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 14, 2022
Incorrect Authorization in Jenkins
  Moderate | CVE-2018-1999047 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022
Cloud Foundry UAA accepts refresh token as access token on admin endpoints
  High | CVE-2018-11047 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) | May 13, 2022
Improper authorization vulnerability in Jenkins Mesos Plugin
  Moderate | CVE-2018-1000420 was published for org.jenkins-ci.plugins:mesos (Maven) | May 13, 2022
Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration
  High | CVE-2018-1000197 was published for com.blackducksoftware.integration:blackduck-hub (Maven) | May 13, 2022
Jenkins vSphere Plugin incorrect authorization vulnerability
  Moderate | CVE-2018-1000152 was published for org.jenkins-ci.plugins:vsphere-cloud (Maven) | May 13, 2022
Jenkins Promoted Builds Plugin allowed unauthorized users to run some promotion processes
  Moderate | CVE-2018-1000114 was published for org.jenkins-ci.plugins:promoted-builds (Maven) | May 13, 2022
Incorrect Authorization in Jenkins Mercurial Plugin
  Moderate | CVE-2018-1000112 was published for org.jenkins-ci.plugins:mercurial (Maven) | May 13, 2022
Jenkins Subversion Plugin Incorrect Authorization vulnerability
  Moderate | CVE-2018-1000111 was published for org.jenkins-ci.plugins:subversion (Maven) | May 13, 2022
Incorrect Authorization in Jenkins Gerrit Trigger Plugin
  Moderate | CVE-2018-1000106 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) | May 13, 2022
Incorrect Authorization in Jenkins Gerrit Trigger Plugin
  Moderate | CVE-2018-1000105 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) | May 13, 2022
Incorrect Authorization in Jenkins Git Plugin
  Moderate | CVE-2018-1000110 was published for org.jenkins-ci.plugins:git (Maven) | May 13, 2022
Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs
  Moderate | CVE-2018-1000109 was published for org.jenkins-ci.plugins:google-play-android-publisher (Maven) | May 13, 2022
Incorrect Authorization in Undertow
  Moderate | CVE-2017-12196 was published for io.undertow:undertow-core (Maven) | May 13, 2022
Jenkins HipChat Plugin allows credential capture due to incorrect authorization
  High | CVE-2018-1000418 was published for org.jvnet.hudson.plugins:hipchat (Maven) | May 13, 2022
Jenkins Jira Plugin Incorrect Authorization vulnerability
  Moderate | CVE-2018-1000412 was published for org.jenkins-ci.plugins:jira (Maven) | May 13, 2022
Apache Geode vulnerable to Incorrect Authorization
  High | CVE-2017-15695 was published for org.apache.geode:geode-core (Maven) | May 13, 2022
Incorrect Authorization in Jenkins Core
  Moderate | CVE-2017-2611 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022
Incorrect Authorization in Jenkins
  Moderate | CVE-2017-2599 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022
Incorrect Authorization in Apache Tomcat
  High | CVE-2016-6797 was published for org.apache.tomcat:tomcat (Maven) | May 13, 2022
Incorrect Authorization in Jenkins
  Moderate | CVE-2018-1999004 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022
Incorrect Authorization in Jenkins
  Moderate | CVE-2018-1999003 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022
Incorrect Authorization in Getahead Direct Web Remoting
  High | CVE-2007-0184 was published for org.directwebremoting:dwr (Maven) | May 1, 2022
Improper authorization in Keycloak
  Moderate | CVE-2022-1466 was published for org.keycloak:keycloak-core (Maven) | Apr 27, 2022
ProTip! Advisories are also available from the GraphQL API.