Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
44
GitHub Actions
46
Go
3,270
Maven
5,000+
npm
5,000+
NuGet
867
pip
4,517
Pub
12
RubyGems
998
Rust
1,194
Swift
51
Unreviewed advisories
All unreviewed
5,000+

587 advisories

Loading
Jenkins Groovy Plugin sandbox bypass vulnerability High
CVE-2019-1003006 was published for org.jenkins-ci.plugins:groovy (Maven) May 13, 2022
SSRF vulnerability due to missing permission check in Fortify on Demand Uploader Plugin Moderate
CVE-2019-1003047 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 13, 2022
Missing permission check in Azure VM Agents Plugin allowed modifying VM configuration Moderate
CVE-2019-1003036 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 13, 2022
Jenkins Slack Notification Plugin missing permission check Moderate
CVE-2019-1003043 was published for org.jenkins-ci.plugins:slack (Maven) May 13, 2022
Information disclosure in Azure VM Agents Plugin Moderate
CVE-2019-1003035 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 13, 2022
Unprivileged users with Overall/Read access are able to enumerate credential IDs in Azure VM Agents Plugin Moderate
CVE-2019-1003037 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 13, 2022
Missing permission check in Jenkins Kmap Plugin allow SSRF Moderate
CVE-2019-10293 was published for org.jenkins-ci.plugins:kmap-jenkins (Maven) May 13, 2022
Missing permission check in Jenkins jenkins-reviewbot Plugin Moderate
CVE-2019-10279 was published for org.jenkins-ci.plugins:jenkins-reviewbot (Maven) May 13, 2022
Missing permission check in Jenkins Netsparker Cloud Scan Plugin Moderate
CVE-2019-10290 was published for org.jenkins-ci.plugins:netsparker-cloud-scan (Maven) May 13, 2022
Moodle doesn't properly check role Low
CVE-2010-1617 was published for moodle/moodle (Composer) May 13, 2022
Missing Authorization in Apache ZooKeeper High
CVE-2018-8012 was published for org.apache.zookeeper:zookeeper (Maven) May 13, 2022
TYPO3 femanager extension allows remote frontend users to modify or delete records of other frontend users Moderate
CVE-2014-6292 was published for in2code/femanager (Composer) May 13, 2022
Alkacon OpenCMS Improper Access Control via system/workplace/views/admin/admin-main.jsp Moderate
CVE-2006-3935 was published for org.opencms:opencms-core (Maven) May 1, 2022
Improper Access Control in snipe/snipe-it Moderate
CVE-2022-1511 was published for snipe/snipe-it (Composer) Apr 29, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature Critical
CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) Apr 26, 2022
knutz3n Credited to knutz3n and kurt-r2c kurt-r2c kurt-r2c
Insecure plugin handling in Mattermost High
CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
Missing permission checks in Jenkins Publish Over FTP Plugin Moderate
CVE-2022-29051 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) Apr 13, 2022
westonsteimel Credited to westonsteimel
Missing permission checks in Jekins Bitbucket Server Integration Plugin Moderate
CVE-2022-28134 was published for io.jenkins.plugins:atlassian-bitbucket-server-integration (Maven) Mar 30, 2022
NotMyFault Credited to NotMyFault
Missing permission check in Jenkins JiraTestResultReporter Plugin Moderate
CVE-2022-28137 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) Mar 30, 2022
NotMyFault Credited to NotMyFault
Missing permission check in Jenkins RocketChat Notifier Plugin Moderate
CVE-2022-28139 was published for org.jenkins-ci.plugins:rocketchatnotifier (Maven) Mar 30, 2022
NotMyFault Credited to NotMyFault and tdunlap607 tdunlap607 tdunlap607
Missing permission checks in Jenkins Proxmox Plugin Moderate
CVE-2022-28144 was published for org.jenkins-ci.plugins:proxmox (Maven) Mar 30, 2022
Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin Moderate
CVE-2022-28147 was published for org.jenkins-ci.plugins:ci-with-toad-edge (Maven) Mar 30, 2022
NotMyFault Credited to NotMyFault
Missing permission check in Jenkins Job and Node ownership Plugin Moderate
CVE-2022-28151 was published for com.synopsys.jenkinsci:ownership (Maven) Mar 30, 2022
NotMyFault Credited to NotMyFault
Missing permission Jenkins Pipeline Phoenix AutoTest Plugin Moderate
CVE-2022-28158 was published for com.surenpi.jenkins:phoenix-autotest (Maven) Mar 30, 2022
Improper access control allows admin privilege escalation in Argo CD Critical
CVE-2022-24768 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database