GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
305 advisories
Filter by severity
Moderate severity vulnerability that affects org.apache.ranger:ranger
Moderate
CVE-2017-7677
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
Moderate
CVE-2018-1314
was published
for
org.apache.hive:hive-jdbc
(Maven)
Nov 21, 2018
Flarum notifications can leak restricted content
Moderate
CVE-2023-22488
was published
for
flarum/core
(Composer)
Jan 10, 2023
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25211
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
Missing permission checks in Jenkins Publish Over FTP Plugin
Moderate
CVE-2022-29051
was published
for
org.jenkins-ci.plugins:publish-over-ftp
(Maven)
Apr 13, 2022
Missing permission check in Jenkins SSH Plugin
Moderate
CVE-2022-30957
was published
for
org.jenkins-ci.plugins:ssh
(Maven)
May 18, 2022
Missing Authorization in Jenkins
Moderate
CVE-2017-1000400
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Missing Authorization in Crafter CMS
Moderate
CVE-2017-15680
was published
for
org.craftercms:crafter-core
(Maven)
May 24, 2022
Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization
Moderate
CVE-2022-25193
was published
for
io.jenkins.plugins:embotics-vcommander
(Maven)
Feb 16, 2022
Missing Authorization in Jenkins WMI Windows Agents plugin
Moderate
CVE-2022-30951
was published
for
org.jenkins-ci.plugins:windows-slaves
(Maven)
May 18, 2022
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs
Moderate
CVE-2022-34779
was published
for
com.xebialabs.ci:xlrelease-plugin
(Maven)
Jul 1, 2022
Missing Authorization in Jenkins XPath Configuration Viewer Plugin
Moderate
CVE-2022-34811
was published
for
org.jenkins-ci.plugins:xpath-config-viewer
(Maven)
Jul 1, 2022
CSRF vulnerability and mM
Moderate
CVE-2022-41246
was published
for
org.jenkins-ci.plugins:ws-execution-manager
(Maven)
Sep 22, 2022
Missing permission check in Jenkins OpenShift Deployer Plugin
Moderate
CVE-2022-36907
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
Jul 28, 2022
Missing Authorization in Jenkins Deployment Dashboard Plugin
Moderate
CVE-2022-34798
was published
for
org.jenkins-ci.plugins:ec2-deployment-dashboard
(Maven)
Jul 1, 2022
Missing permission checks in MongoDB Plugin
Moderate
CVE-2020-2267
was published
for
org.jenkins-ci.plugins:mongodb
(Maven)
May 24, 2022
Missing permission check in Perfecto Plugin
Moderate
CVE-2020-2260
was published
for
io.jenkins.plugins:perfecto
(Maven)
May 24, 2022
Missing permission check in Jenkins OpenShift Deployer Plugin
Moderate
CVE-2022-36909
was published
for
org.jenkins-ci.plugins:openshift-deployer
(Maven)
Jul 28, 2022
Missing permission checks in Jenkins openstack-heat Plugin
Moderate
CVE-2022-36912
was published
for
org.jenkins-ci.plugins:openstack-heat
(Maven)
Jul 28, 2022
Missing Authorization in Jenkins Blue Ocean Plugin
Moderate
CVE-2017-1000105
was published
for
io.jenkins.blueocean:blueocean
(Maven)
May 13, 2022
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API
Moderate
CVE-2021-39184
was published
for
electron
(npm)
Oct 12, 2021
snipe-it is vulnerable to Improper Access Control
Moderate
CVE-2021-4089
was published
for
snipe/snipe-it
(Composer)
Dec 16, 2021
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
Moderate
CVE-2021-38698
was published
for
github.com/hashicorp/consul
(Go)
Sep 8, 2021
Missing permission check in Jenkins Convertigo Mobile Platform Plugin
Moderate
CVE-2022-34201
was published
for
com.convertigo.jenkins.plugins:convertigo-mobile-platform
(Maven)
Jun 24, 2022
Missing permission check in Jenkins vRealize Orchestrator Plugin
Moderate
CVE-2022-34212
was published
for
org.jenkins-ci.plugins:vmware-vrealize-orchestrator
(Maven)
Jun 24, 2022
ProTip!
Advisories are also available from the
GraphQL API