Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

302 advisories

Loading
Moodle's IDOR in badges allows deletion of arbitrary badges Moderate
CVE-2024-43431 was published for moodle/moodle (Composer) Nov 7, 2024
Mattermost server allows authenticated user to delete arbitrary post Moderate
CVE-2024-50052 was published for github.com/mattermost/mattermost/server/v8 (Go) Oct 29, 2024
XWiki Platform document history including authors of any page exposed to unauthorized actors Moderate
CVE-2024-45591 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Sep 10, 2024
Xiqinger
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability Moderate
CVE-2024-42470 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p-
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
XWiki Platform vulnerable to document deletion and overwrite from edit Moderate
CVE-2024-37898 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jul 31, 2024
TYPO3 Information Disclosure in Backend User Interface Moderate
GHSA-rv8r-8mh5-5376 was published for typo3/cms-core (Composer) May 30, 2024
SimpleSAMLphp Information Disclosure vulnerability Moderate
GHSA-ppm4-r2vc-pg74 was published for simplesamlphp/simplesamlphp (Composer) May 28, 2024
silverstripe/framework missing ACL on reports Moderate
GHSA-52cx-hpc5-cxwc was published for silverstripe/framework (Composer) May 27, 2024
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges Moderate
CVE-2024-31865 was published for org.apache.zeppelin:zeppelin-server (Maven) Apr 9, 2024
oscerd
Pebble service manager's file pull API allows access by any user Moderate
CVE-2024-3250 was published for github.com/canonical/pebble (Go) Apr 5, 2024
hpidcock benhoyt
Jenkins docker-build-step Plugin missing permission check Moderate
CVE-2024-2216 was published for org.jenkins-ci.plugins:docker-build-step (Maven) Mar 6, 2024
Jenkins Subversion Partial Release Manager Plugin missing permission check Moderate
CVE-2024-28159 was published for org.jenkins-ci.plugins:svn-partial-release-mgr (Maven) Mar 6, 2024
XWiki extension license information is public, exposing instance id and license holder details Moderate
CVE-2024-26138 was published for com.xwiki.licensing:application-licensing-licensor-ui (Maven) Feb 21, 2024
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags Moderate
CVE-2024-24822 was published for pimcore/admin-ui-classic-bundle (Composer) Feb 7, 2024
v32y142y
Apache Airflow: Bypass permission verification to read code of other dags Moderate
CVE-2023-50944 was published for apache-airflow (pip) Jan 24, 2024
Missing permission check in Jenkins Scriptler Plugin Moderate
CVE-2023-50765 was published for org.jenkins-ci.plugins:scriptler (Maven) Dec 13, 2023
Jenkins Nexus Platform Plugin missing permission check Moderate
CVE-2023-50769 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Missing permission check in Jenkins PaaSLane Estimate Plugin Moderate
CVE-2023-50779 was published for com.cloudtp.jenkins:paaslane-estimate (Maven) Dec 13, 2023
Apache DolphinScheduler Missing Authorization vulnerability Moderate
CVE-2023-49620 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Nov 30, 2023
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check Moderate
CVE-2023-49674 was published for io.jenkins.plugins:neuvector-vulnerability-scanner (Maven) Nov 29, 2023
secjoker
Jenkins Google Compute Engine Plugin has incorrect permission checks Moderate
CVE-2023-49652 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) Nov 29, 2023
Authenticated users can view job names and groups they do not have authorization to view Moderate
CVE-2023-47112 was published for org.rundeck:rundeckapp (Maven) Nov 16, 2023
Dolibarr Improper Input Validation vulnerability Moderate
CVE-2023-4198 was published for dolibarr/dolibarr (Composer) Nov 1, 2023
Jenkins lambdatest-automation Plugin missing permission check Moderate
CVE-2023-46652 was published for org.jenkins-ci.plugins:lambdatest-automation (Maven) Oct 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database