Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

246 advisories

Loading
Moderate severity vulnerability that affects org.apache.ranger:ranger Moderate
CVE-2017-7677 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc Moderate
CVE-2018-1314 was published for org.apache.hive:hive-jdbc (Maven) Nov 21, 2018
Access control bypass in Apache ZooKeeper Moderate
CVE-2019-0201 was published for org.apache.zookeeper:zookeeper (Maven) May 29, 2019
Missing Authorization in Jenkins Kubernetes CLI Plugin Moderate
CVE-2021-21661 was published for org.jenkins-ci.plugins:kubernetes-cli (Maven) Jun 16, 2021
Missing Authorization in Jenkins S3 publisher Plugin Moderate
CVE-2021-21650 was published for org.jenkins-ci.plugins:s3 (Maven) Jun 16, 2021
westonsteimel
Missing Authorization in Jenkins S3 publisher Plugin Moderate
CVE-2021-21651 was published for org.jenkins-ci.plugins:s3 (Maven) Jun 16, 2021
westonsteimel
Missing Authorization in jenkins xray-connector Moderate
CVE-2021-21653 was published for org.jenkins-ci.plugins:xray-connector (Maven) Jun 16, 2021
Missing Authorization in Jenkins P4 plugin Moderate
CVE-2021-21654 was published for org.jenkins-ci.plugins:p4 (Maven) Jun 16, 2021
NotMyFault
Exposure of sensitive information in Elasticsearch Moderate
CVE-2021-22147 was published for org.elasticsearch:elasticsearch (Maven) Sep 20, 2021
Missing permission check in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23112 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin Moderate
CVE-2022-20618 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin Moderate
CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jan 13, 2022
NotMyFault westonsteimel
secjoker
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin Moderate
CVE-2022-20614 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
westonsteimel
Missing authorization in xwiki-platform Moderate
CVE-2022-23617 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Feb 9, 2022
Missing authorization in xwiki-platform Moderate
CVE-2022-23621 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Feb 9, 2022
Improper Access Control in infinispan-server-runtime Moderate
CVE-2020-25711 was published for org.infinispan:infinispan-core (Maven) Feb 9, 2022
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25211 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
NotMyFault
Missing permission checks in Jenkins Checkmarx Plugin allow capturing credentials Moderate
CVE-2022-25201 was published for com.checkmarx.jenkins:checkmarx (Maven) Feb 16, 2022
NotMyFault
Missing permission check in Jenkins autonomiq Plugin Moderate
CVE-2022-25195 was published for io.jenkins.plugins:autonomiq (Maven) Feb 16, 2022
westonsteimel
Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization Moderate
CVE-2022-25193 was published for io.jenkins.plugins:embotics-vcommander (Maven) Feb 16, 2022
NotMyFault
Missing permission check in Jenkins Conjur Secrets Plugin allows enumerating credentials IDs Moderate
CVE-2022-25190 was published for org.conjur.jenkins:conjur-credentials (Maven) Feb 16, 2022
NotMyFault
Missing permission checks in Jenkins Release Helper Plugin Moderate
CVE-2022-27215 was published for org.jenkins-ci.plugins:release-helper (Maven) Mar 16, 2022
NotMyFault
Missing permission checks in Jenkins kubernetes-cd Plugin allow enumerating credentials IDs Moderate
CVE-2022-27209 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF Moderate
CVE-2022-27205 was published for org.jenkins-ci.plugins:extended-choice-parameter (Maven) Mar 16, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database