Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

245 advisories

Loading
Missing permission check in Jenkins RabbitMQ Consumer Plugin Moderate
CVE-2023-24448 was published for org.jenkins-ci.plugins:rabbitmq-consumer (Maven) Jan 26, 2023
Missing permission check in Jenkins TestQuality Updater Plugin Moderate
CVE-2023-24453 was published for org.jenkins-ci.plugins:testquality-updater (Maven) Jan 26, 2023
Missing permission checks in Jenkins GitHub Pull Request Builder Plugin Moderate
CVE-2023-24435 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs Moderate
CVE-2023-24436 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
Missing permission check in Jenkins BearyChat Plugin Moderate
CVE-2023-24459 was published for org.jenkins-ci.plugins:bearychat (Maven) Jan 26, 2023
Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore Moderate
CVE-2022-41929 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Nov 21, 2022
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs Moderate
CVE-2022-45390 was published for io.loader:loaderio-jenkins-plugin (Maven) Nov 16, 2022
NotMyFault
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin Moderate
CVE-2022-45385 was published for org.jenkins-ci.plugins:dockerhub-notification (Maven) Nov 16, 2022
NotMyFault
Missing Authorization in Jenkins XP-Dev Plugin Moderate
CVE-2022-45389 was published for com.cloudbees.jenkins.plugins:xpdev (Maven) Nov 16, 2022
Missing permission check in Jenkins Delete log Plugin Moderate
CVE-2022-45394 was published for org.jenkins-ci.plugins:delete-log-plugin (Maven) Nov 16, 2022
NotMyFault
Jenkins Cluster Statistics Plugin Missing Authorization vulnerability Moderate
CVE-2022-45399 was published for org.zeroturnaround:cluster-stats (Maven) Nov 16, 2022
Apache Archiva subject to arbitrary directory deletion by users. Moderate
CVE-2022-40309 was published for org.apache.archiva:archiva-common (Maven) Nov 15, 2022
Jenkins Tuleap Git Branch Source Plugin allows unauthenticated attackers to trigger Tuleap projects whose configured repo matches attacker-specified value Moderate
CVE-2022-43421 was published for org.jenkins-ci.plugins:tuleap-git-branch-source (Maven) Oct 19, 2022
Jenkins Compuware Strobe Measurement Plugin Missing Authorization vulnerability Moderate
CVE-2022-43431 was published for com.compuware.jenkins:compuware-strobe-measurement (Maven) Oct 19, 2022
Jenkins Job Import Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins Moderate
CVE-2022-43413 was published for org.jenkins-ci.plugins:job-import-plugin (Maven) Oct 19, 2022
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials Moderate
CVE-2022-43417 was published for org.jenkins-ci.plugins:katalon (Maven) Oct 19, 2022
NotMyFault
Jenkins Compuware Topaz for Total Test Plugin allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins Moderate
CVE-2022-43427 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
Liferay Portal Missing Authorization vulnerability Moderate
CVE-2022-39975 was published for com.liferay.portal:release.portal.bom (Maven) Sep 23, 2022
Jenkins NS-ND Integration Performance Publisher Plugin vulnerable to Missing Authorization Moderate
CVE-2022-41228 was published for io.jenkins.plugins:cavisson-ns-nd-integration (Maven) Sep 22, 2022
NotMyFault
Lack of authentication mechanism in Jenkins DotCi Plugin webhook Moderate
CVE-2022-41238 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
Jenkins Rundeck Plugin Missing Authorization vulnerability Moderate
CVE-2022-41233 was published for org.jenkins-ci.plugins:rundeck (Maven) Sep 22, 2022
NotMyFault
Missing webhook endpoint authorization in Jenkins Rundeck Plugin Moderate
CVE-2022-41234 was published for org.jenkins-ci.plugins:rundeck (Maven) Sep 22, 2022
NotMyFault
Jenkins extreme-feedback Plugin vulnerable to Missing Authorization Moderate
CVE-2022-41242 was published for org.jenkins-ci.plugins:extreme-feedback (Maven) Sep 22, 2022
Missing permission check in Jenkins build-publisher Plugin Moderate
CVE-2022-41230 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
CSRF vulnerability and mM Moderate
CVE-2022-41246 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API