GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

352 advisories

Apache NiFi: Missing Authorization of Restricted Permissions for Component Updates High
CVE-2026-25903 was published for org.apache.nifi:nifi-web-api (Maven) Feb 17, 2026
Jenkins is missing a permission check on password fields Moderate
CVE-2025-67636 was published for org.jenkins-ci.main:jenkins-core (Maven) Dec 10, 2025
BlazeMeter Jenkins Plugin is Missing Authorization for Available Resources Moderate
CVE-2025-13472 was published for com.blazemeter.plugins:BlazeMeterJenkinsPlugin (Maven) Dec 3, 2025
XWiki view file macro: User can view content of office file without view rights on the attachment Moderate
CVE-2025-65089 was published for com.xwiki.pro:xwiki-pro-macros-ui (Maven) Nov 18, 2025
Jenkins Publish to Bitbucket Plugin is missing a permissions check Moderate
CVE-2025-64150 was published for org.jenkins-ci.plugins:publish-to-bitbucket (Maven) Oct 29, 2025
Jenkins Publish to Bitbucket Plugin is missing a permissions check Moderate
CVE-2025-64148 was published for org.jenkins-ci.plugins:publish-to-bitbucket (Maven) Oct 29, 2025
Jenkins MCP Server Plugin does not perform permission checks in multiple MCP tools Moderate
CVE-2025-64132 was published for io.jenkins.plugins:mcp-server (Maven) Oct 29, 2025
Jenkins Start Windocks Containers Plugin is missing a permission check Moderate
CVE-2025-64139 was published for org.jenkins-ci.plugins:windocks-start-container (Maven) Oct 29, 2025
Jenkins Themis Plugin is missing a permission check Moderate
CVE-2025-64137 was published for org.jenkins-ci.plugins:themis (Maven) Oct 29, 2025
Jenkins Nexus Task Runner Plugin is missing a permission check Moderate
CVE-2025-64142 was published for org.jenkins-ci.plugins:nexus-task-runner (Maven) Oct 29, 2025
Liferay Portal and DXP do not properly restrict access to OpenAPI Moderate
CVE-2025-62256 was published for com.liferay:com.liferay.portal.security.auth.verifier (Maven) Oct 23, 2025
Liferay Portal and DXP are Missing Authorization in Collection Provider Low
CVE-2025-62247 was published for com.liferay:com.liferay.search.experiences.service (Maven) Oct 22, 2025
PowerJob OpenAPIController is missing authorization Moderate
CVE-2025-11581 was published for tech.powerjob:powerjob-server-starter (Maven) Oct 10, 2025
PowerJob has Missing Authorization in its /user/list file Moderate
CVE-2025-11580 was published for tech.powerjob:powerjob (Maven) Oct 10, 2025
Jenkins is missing a permission check in the authenticated users' profile menu Moderate
CVE-2025-59475 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Jenkins has a missing permission check, allowing users to obtain agent names Moderate
CVE-2025-59474 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Liferay Portal allows remote attackers to view display page templates via crafted URLs Moderate
CVE-2025-43805 was published for com.liferay:com.liferay.asset.display.page.service (Maven) Sep 17, 2025
Liferay Portal's Organization Selector exposes organization data to remote authenticated users Moderate
CVE-2025-43788 was published for com.liferay:com.liferay.organizations.item.selector.web (Maven) Sep 12, 2025
Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials Moderate
CVE-2025-58460 was published for io.jenkins.plugins:opentelemetry (Maven) Sep 3, 2025
Liferay Portal allows improper access through the expandoTableLocalService Moderate
CVE-2025-43773 was published for com.liferay:com.liferay.portal.workflow.kaleo.runtime.impl (Maven) Aug 29, 2025
GeoServer Missing Authorization on REST API Index Moderate
CVE-2025-27505 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
Credited to sikeoka
Jenkins Cadence vManager Plugin is Missing Permission Checks Moderate
CVE-2025-47887 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
Any user with view access to the XWiki space can change the authenticator High
CVE-2025-46557 was published for org.xwiki.platform:xwiki-platform-security-authentication-ui (Maven) Apr 30, 2025
XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API Moderate
CVE-2025-46554 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Apr 30, 2025
Credited to LMonert
org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right Critical
CVE-2025-32973 was published for org.xwiki.platform:xwiki-platform-component-wiki (Maven) Apr 29, 2025