Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

303 advisories

Loading
Duplicate Advisory: Grafana Improper Access Control vulnerability Moderate
GHSA-wm7r-3qxj-5xgq was published for github.com/grafana/grafana (Go) Jun 6, 2023 withdrawn
Missing permission check of canView in GridFieldPrintButton Moderate
CVE-2023-22728 was published for silverstripe/framework (Composer) Apr 26, 2023
matrix-js-sdk vulnerable to invisible eavesdropping in group calls Moderate
CVE-2023-29529 was published for matrix-js-sdk (npm) Apr 14, 2023
Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication Moderate
CVE-2023-30519 was published for org.jenkins-ci.plugins:quayio-trigger (Maven) Apr 12, 2023
Jenkins Thycotic Secret Server Plugin missing permissions check Moderate
CVE-2023-30518 was published for io.jenkins.plugins:thycotic-secret-server (Maven) Apr 12, 2023
Jenkins Report Portal Plugin missing permissions check Moderate
CVE-2023-30526 was published for org.jenkins-ci.plugins:reportportal (Maven) Apr 12, 2023
Jenkins Fogbugz Plugin has missing permissions check Moderate
CVE-2023-30522 was published for org.jenkins-ci.plugins:fogbugz (Maven) Apr 12, 2023
Jenkins Assembla merge request builder Plugin missing authentication to access endpoint Moderate
CVE-2023-30521 was published for org.jenkins-ci.plugins:assembla-merge-request-builder (Maven) Apr 12, 2023
Lack of authentication mechanism in Jenkins TurboScript Plugin webhook Moderate
CVE-2023-30532 was published for org.jenkinsci.plugins.spoonscript:spoonscript (Maven) Apr 12, 2023
Jenkins OctoPerf Load Testing Plugin vulnerable to credential capture Moderate
CVE-2023-28672 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration Moderate
CVE-2023-28673 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections Moderate
CVE-2023-28675 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Mattermost fails to properly authentication inviter's permissions to private channel Moderate
CVE-2023-1774 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
volkflo
Missing Authorization in Jenkins Azure Credentials Plugin Moderate
CVE-2023-25766 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Missing Authorization in Jenkins Azure Credentials Plugin Moderate
CVE-2023-25768 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Missing permission checks in Jenkins GitHub Pull Request Builder Plugin Moderate
CVE-2023-24435 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
Missing permissions check in Jenkins JIRA Pipeline Steps Plugin Moderate
CVE-2023-24438 was published for org.jenkins-ci.plugins:jira-steps (Maven) Jan 26, 2023
Missing permission checks in Jenkins Orka Plugin allow capturing credentials Moderate
CVE-2023-24433 was published for io.jenkins.plugins:macstadium-orka (Maven) Jan 26, 2023
Missing permission check in Jenkins RabbitMQ Consumer Plugin Moderate
CVE-2023-24448 was published for org.jenkins-ci.plugins:rabbitmq-consumer (Maven) Jan 26, 2023
Missing permission checks in Jenkins Orka Plugin allow enumerating credentials IDs Moderate
CVE-2023-24431 was published for io.jenkins.plugins:macstadium-orka (Maven) Jan 26, 2023
Jenkins GitHub Pull Request Builder Plugin missing permission check allows enumerating credentials IDs Moderate
CVE-2023-24436 was published for org.jenkins-ci.plugins:ghprb (Maven) Jan 26, 2023
Cisco Spark Notifier Jenkins Plugin contains Missing Authorization Moderate
CVE-2023-24451 was published for org.jenkins-ci.plugins:cisco-spark-notifier-plugin (Maven) Jan 26, 2023
Missing permission check in Jenkins TestQuality Updater Plugin Moderate
CVE-2023-24453 was published for org.jenkins-ci.plugins:testquality-updater (Maven) Jan 26, 2023
Missing permission check in Jenkins BearyChat Plugin Moderate
CVE-2023-24459 was published for org.jenkins-ci.plugins:bearychat (Maven) Jan 26, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database