Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,426
Maven
5,000+
npm
5,000+
NuGet
882
pip
4,670
Pub
13
RubyGems
1,029
Rust
1,212
Swift
53
Unreviewed advisories
All unreviewed
5,000+

173 advisories

Loading
Jenkins Google Play Android Publisher Plugin allows attacker to obtain credential IDs Moderate
CVE-2018-1000109 was published for org.jenkins-ci.plugins:google-play-android-publisher (Maven) May 13, 2022
Incorrect Authorization in Jenkins Git Plugin Moderate
CVE-2018-1000110 was published for org.jenkins-ci.plugins:git (Maven) May 13, 2022
Incorrect Authorization in Jenkins Gerrit Trigger Plugin Moderate
CVE-2018-1000106 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) May 13, 2022
Incorrect Authorization in Undertow Moderate
CVE-2017-12196 was published for io.undertow:undertow-core (Maven) May 13, 2022
Jenkins HipChat Plugin allows credential capture due to incorrect authorization High
CVE-2018-1000418 was published for org.jvnet.hudson.plugins:hipchat (Maven) May 13, 2022
Jenkins Jira Plugin Incorrect Authorization vulnerability Moderate
CVE-2018-1000412 was published for org.jenkins-ci.plugins:jira (Maven) May 13, 2022
Apache Geode vulnerable to Incorrect Authorization High
CVE-2017-15695 was published for org.apache.geode:geode-core (Maven) May 13, 2022
MarkLee131 Credited to MarkLee131
Incorrect Authorization in Jenkins Core Moderate
CVE-2017-2611 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Moderate
CVE-2017-2599 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Apache Tomcat High
CVE-2016-6797 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ Credited to sunSUNQ
Incorrect Authorization in Jenkins Moderate
CVE-2018-1999004 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Moderate
CVE-2018-1999003 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Getahead Direct Web Remoting High
CVE-2007-0184 was published for org.directwebremoting:dwr (Maven) May 1, 2022
Improper authorization in Keycloak Moderate
CVE-2022-1466 was published for org.keycloak:keycloak-core (Maven) Apr 27, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature Critical
CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) Apr 26, 2022
knutz3n Credited to knutz3n and kurt-r2c kurt-r2c kurt-r2c
Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-29047 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Apr 13, 2022
NotMyFault Credited to NotMyFault
Permissions bypass in SmallRye Moderate
CVE-2020-1729 was published for io.smallrye.config:smallrye-config (Maven) Mar 18, 2022
Information Exposure in Apache Tapestry High
CVE-2021-30638 was published for org.apache.tapestry:tapestry-core (Maven) Mar 18, 2022
Improper Authorization in org.cometd.oort High
CVE-2022-24721 was published for org.cometd.java:cometd-java-oort (Maven) Mar 15, 2022
Access Control vulnerability within CoreNLP Critical
CVE-2021-44550 was published for edu.stanford.nlp:stanford-corenlp (Maven) Feb 25, 2022
Incorrect Authorization in WildFly Elytron High
CVE-2020-1748 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022
Incorrect Authorization in Apache Solr Critical
CVE-2020-13957 was published for org.apache.solr:solr-core (Maven) Feb 10, 2022
kurt-r2c Credited to kurt-r2c and jfposton jfposton jfposton
Incorrect Authorization in Apache Solr Moderate
CVE-2018-11802 was published for org.apache.solr:solr-core (Maven) Feb 9, 2022
tjuyuxinzhang Credited to tjuyuxinzhang
Improper Privilege Management in Apache Hadoop High
CVE-2020-9492 was published for org.apache.hadoop:hadoop-common (Maven) Feb 9, 2022
Partial authorization bypass on document save in xwiki-platform Moderate
CVE-2022-23615 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database