Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

300 advisories

Loading
Moderate severity vulnerability that affects org.apache.ranger:ranger Moderate
CVE-2017-7677 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc Moderate
CVE-2018-1314 was published for org.apache.hive:hive-jdbc (Maven) Nov 21, 2018
Flarum notifications can leak restricted content Moderate
CVE-2023-22488 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25211 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
NotMyFault
Missing permission checks in Jenkins Publish Over FTP Plugin Moderate
CVE-2022-29051 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) Apr 13, 2022
westonsteimel
Missing permission check in Jenkins SSH Plugin Moderate
CVE-2022-30957 was published for org.jenkins-ci.plugins:ssh (Maven) May 18, 2022
Missing Authorization in Jenkins Moderate
CVE-2017-1000400 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Missing Authorization in Crafter CMS Moderate
CVE-2017-15680 was published for org.craftercms:crafter-core (Maven) May 24, 2022
Permissions not properly checked in Invenio-Drafts-Resources Moderate
CVE-2021-43781 was published for invenio-app-rdm (pip) Dec 6, 2021
lnielsen
Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization Moderate
CVE-2022-25193 was published for io.jenkins.plugins:embotics-vcommander (Maven) Feb 16, 2022
NotMyFault
Missing Authorization in Jenkins WMI Windows Agents plugin Moderate
CVE-2022-30951 was published for org.jenkins-ci.plugins:windows-slaves (Maven) May 18, 2022
NotMyFault
Missing permission checks in Jenkins XebiaLabs XL Release Plugin allow enumerating credentials IDs Moderate
CVE-2022-34779 was published for com.xebialabs.ci:xlrelease-plugin (Maven) Jul 1, 2022
NotMyFault
Missing Authorization in Jenkins XPath Configuration Viewer Plugin Moderate
CVE-2022-34811 was published for org.jenkins-ci.plugins:xpath-config-viewer (Maven) Jul 1, 2022
NotMyFault
CSRF vulnerability and mM Moderate
CVE-2022-41246 was published for org.jenkins-ci.plugins:ws-execution-manager (Maven) Sep 22, 2022
NotMyFault
Missing permission check in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36907 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
Missing Authorization in Jenkins Deployment Dashboard Plugin Moderate
CVE-2022-34798 was published for org.jenkins-ci.plugins:ec2-deployment-dashboard (Maven) Jul 1, 2022
NotMyFault
Missing permission checks in MongoDB Plugin Moderate
CVE-2020-2267 was published for org.jenkins-ci.plugins:mongodb (Maven) May 24, 2022
NotMyFault
Missing permission check in Perfecto Plugin Moderate
CVE-2020-2260 was published for io.jenkins.plugins:perfecto (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins OpenShift Deployer Plugin Moderate
CVE-2022-36909 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
NotMyFault
Missing permission checks in Jenkins openstack-heat Plugin Moderate
CVE-2022-36912 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
Missing Authorization in Jenkins Blue Ocean Plugin Moderate
CVE-2017-1000105 was published for io.jenkins.blueocean:blueocean (Maven) May 13, 2022
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API Moderate
CVE-2021-39184 was published for electron (npm) Oct 12, 2021
nornagon
snipe-it is vulnerable to Improper Access Control Moderate
CVE-2021-4089 was published for snipe/snipe-it (Composer) Dec 16, 2021
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Moderate
CVE-2021-38698 was published for github.com/hashicorp/consul (Go) Sep 8, 2021
Missing permission check in Jenkins Convertigo Mobile Platform Plugin Moderate
CVE-2022-34201 was published for com.convertigo.jenkins.plugins:convertigo-mobile-platform (Maven) Jun 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API