Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

31 advisories

Loading
XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right Moderate
CVE-2025-48063 was published for org.xwiki.platform:xwiki-platform-security-authorization-bridge (Maven) May 21, 2025
Graylog's Authenticated HTTP inputs ingest message even if Authorization header is missing or has wrong value Moderate
CVE-2025-30373 was published for org.graylog2:graylog2-server (Maven) Apr 7, 2025
fabsx00
Incorrect permission check in Jenkins GitLab Plugin allows enumerating credentials IDs Moderate
CVE-2025-24397 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) Jan 22, 2025
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic Moderate
CVE-2023-5675 was published for io.quarkus:quarkus-resteasy-reactive-common (Maven) Apr 25, 2024
bschuhmann
Keycloak users may be able to remove MFA from other users' devices Moderate
CVE-2020-10686 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Memory usage graphs accessible to anyone with Overall/Read Moderate
CVE-2020-2104 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Improper permission checks in Jenkins Copy Artifact Plugin Moderate
CVE-2020-2183 was published for org.jenkins-ci.plugins:copyartifact (Maven) May 24, 2022
NotMyFault
Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2202 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault
Improper permission checks in Jenkins Swarm Plugin Moderate
CVE-2020-2191 was published for org.jenkins-ci.plugins:swarm (Maven) May 24, 2022
NotMyFault
Improper authorization in Jenkins Job and Node Ownership Plugin Moderate
CVE-2018-1000107 was published for com.synopsys.jenkinsci:ownership (Maven) May 13, 2022
Missing permission checks in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2204 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault
Missing permission checks in Mac Plugin Moderate
CVE-2020-2148 was published for fr.edf.jenkins.plugins:mac (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Gerrit Trigger Plugin Moderate
CVE-2019-16552 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) May 24, 2022
Missing Authorization in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10344 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration Moderate
CVE-2019-10470 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Missing permission checks in Zephyr for JIRA Test Management Plugin Moderate
CVE-2020-2216 was published for org.jenkins-ci.plugins:zephyr-for-jira-test-management (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs Moderate
CVE-2020-2233 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Project Inheritance Plugin Moderate
CVE-2020-2197 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
NotMyFault
Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin Moderate
CVE-2020-2118 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) May 24, 2022
NotMyFault
Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization Moderate
CVE-2019-10469 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization Moderate
CVE-2019-10439 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization Moderate
CVE-2019-10438 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin Moderate
CVE-2019-10357 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) May 24, 2022
dbolkensteyn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database