GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

113 advisories

Missing Authorization in Jenkins Recipe Plugin High
CVE-2022-34794 was published for org.jenkins-ci.plugins:recipe (Maven) Jul 1, 2022
Credited to NotMyFault
Improper handling of untrusted branches in Gitea Jenkins Plugin High
CVE-2019-10330 was published for org.jenkins-ci.plugins:gitea (Maven) May 24, 2022
Credited to westonsteimel
Moodle incorrect access control High
CVE-2020-25629 was published for moodle/moodle (Composer) May 24, 2022
Missing permission checks in Jenkins Chaos Monkey Plugin High
CVE-2020-2322 was published for io.jenkins.plugins:chaos-monkey (Maven) May 24, 2022
Credited to NotMyFault and anonymous-nlp-student
Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials High
CVE-2020-2234 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
Credited to NotMyFault
Jenkins Team Concert Plugin missing permission check High
CVE-2019-16566 was published for org.jenkins-ci.plugins:teamconcert (Maven) May 24, 2022
Total.js CMS Unauthorized Access High
CVE-2019-15953 was published for total4 (npm) May 24, 2022
Jenkins Ansible Tower Plugin missing permission check High
CVE-2019-10311 was published for org.jenkins-ci.plugins:ansible-tower (Maven) May 24, 2022
Jenkins GitLab Plugin missing permission checks High
CVE-2019-10301 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) May 24, 2022
Regular expression denial of service in Apache ShenYu High
CVE-2022-26650 was published for org.apache.shenyu:shenyu (Maven) May 18, 2022
Missing Authorization in Jenkins SSH plugin High
CVE-2022-30959 was published for org.jenkins-ci.plugins:ssh (Maven) May 18, 2022
Credited to NotMyFault
Apache Sentry may allow attacker to access/remove data from Sentry protected table High
CVE-2018-8028 was published for org.apache.sentry:sentry (Maven) May 13, 2022
Dolibarr arbitrary commands execution High
CVE-2018-10092 was published for dolibarr/dolibarr (Composer) May 13, 2022
Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings High
CVE-2017-1000086 was published for org.jenkins-ci.plugins:periodicbackup (Maven) May 13, 2022
Jenkins Groovy Plugin sandbox bypass vulnerability High
CVE-2019-1003006 was published for org.jenkins-ci.plugins:groovy (Maven) May 13, 2022
Missing Authorization in Apache ZooKeeper High
CVE-2018-8012 was published for org.apache.zookeeper:zookeeper (Maven) May 13, 2022
Insecure plugin handling in Mattermost High
CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials High
CVE-2022-27211 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
Credited to NotMyFault
Gogs vulnerable to improper PAM authorization handling High
CVE-2022-0871 was published for gogs.io/gogs (Go) Mar 14, 2022
Credited to ysf
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
Gitea Missing Authorization vulnerability High
CVE-2022-0905 was published for code.gitea.io/gitea (Go) Mar 11, 2022
Improper Privilege Management in Snipe-IT High
CVE-2022-0611 was published for snipe/snipe-it (Composer) Feb 17, 2022
Missing permission check in Jenkins SCP publisher Plugin High
CVE-2022-25199 was published for org.jenkins-ci.plugins:scp (Maven) Feb 16, 2022
Credited to NotMyFault
Missing Authorization in Jenkins dbCharts Plugin High
CVE-2022-25206 was published for org.jenkins-ci.plugins:dbCharts (Maven) Feb 16, 2022
Credited to NotMyFault
Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE High
CVE-2022-25208 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) Feb 16, 2022
Credited to NotMyFault
ProTip! Advisories are also available from the GraphQL API