GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
51 advisories
Filter by severity
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries
Moderate
CVE-2024-46942
was published
for
org.opendaylight.mdsal:mdsal-artifacts
(Maven)
Sep 16, 2024
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability
Moderate
CVE-2024-46943
was published
for
org.opendaylight.aaa:aaa-artifacts
(Maven)
Sep 16, 2024
Jenkins does not perform a permission check in an HTTP endpoint
Moderate
CVE-2024-43045
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
OpenSearch Observability does not properly restrict access to private tenant resources
Moderate
CVE-2024-39901
was published
for
org.opensearch.plugin:opensearch-observability
(Maven)
Jul 10, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic
Moderate
CVE-2023-5675
was published
for
io.quarkus:quarkus-resteasy-reactive-common
(Maven)
Apr 25, 2024
Whole content of all documents of all wikis exposed to anybody with view right on Solr suggest service
High
CVE-2023-48241
was published
for
org.xwiki.platform:xwiki-platform-search-solr-query
(Maven)
Nov 20, 2023
Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed
High
CVE-2022-4147
was published
for
io.quarkus:quarkus-vertx-http
(Maven)
Dec 6, 2022
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
High
CVE-2022-31167
was published
for
org.xwiki.platform:xwiki-platform-security
(Maven)
Sep 20, 2022
XWiki Platform Improper Authorization check for inactive users
High
CVE-2022-36090
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 16, 2022
Improper Authorization in Apache Shiro
Critical
CVE-2022-32532
was published
for
org.apache.shiro:shiro-core
(Maven)
Jun 30, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21693
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs
Moderate
CVE-2020-2233
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
May 24, 2022
Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
High
CVE-2020-2234
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
May 24, 2022
Missing permission checks in Zephyr for JIRA Test Management Plugin
Moderate
CVE-2020-2216
was published
for
org.jenkins-ci.plugins:zephyr-for-jira-test-management
(Maven)
May 24, 2022
Missing permission checks in Jenkins Fortify on Demand Plugin
Moderate
CVE-2020-2204
was published
for
org.jenkins-ci.plugins:fortify-on-demand-uploader
(Maven)
May 24, 2022
Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin
Moderate
CVE-2020-2202
was published
for
org.jenkins-ci.plugins:fortify-on-demand-uploader
(Maven)
May 24, 2022
Missing permission check in Jenkins Project Inheritance Plugin
Moderate
CVE-2020-2197
was published
for
hudson.plugins:project-inheritance
(Maven)
May 24, 2022
Improper permission checks in Jenkins Swarm Plugin
Moderate
CVE-2020-2191
was published
for
org.jenkins-ci.plugins:swarm
(Maven)
May 24, 2022
Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin
Moderate
CVE-2020-2188
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Improper permission checks in Jenkins Copy Artifact Plugin
Moderate
CVE-2020-2183
was published
for
org.jenkins-ci.plugins:copyartifact
(Maven)
May 24, 2022
Keycloak users may be able to remove MFA from other users' devices
Moderate
CVE-2020-10686
was published
for
org.keycloak:keycloak-core
(Maven)
May 24, 2022
Improper Authorization in Undertoe
High
CVE-2020-1745
was published
for
io.undertow:undertow-core
(Maven)
May 24, 2022
Missing permission checks in Mac Plugin
Moderate
CVE-2020-2148
was published
for
fr.edf.jenkins.plugins:mac
(Maven)
May 24, 2022
Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials
High
CVE-2020-2117
was published
for
org.jenkins-ci.plugins:pipeline-githubnotify-step
(Maven)
May 24, 2022
Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin
Moderate
CVE-2020-2118
was published
for
org.jenkins-ci.plugins:pipeline-build-step
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API