GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
300 advisories
Filter by severity
XWiki Platform document history including authors of any page exposed to unauthorized actors
Moderate
CVE-2024-45591
was published
for
org.xwiki.platform:xwiki-platform-rest-server
(Maven)
Sep 10, 2024
CometVisu Backend for openHAB has a sensitive information disclosure vulnerability
Moderate
CVE-2024-42470
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
Jenkins does not perform a permission check in an HTTP endpoint
Moderate
CVE-2024-43045
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
XWiki Platform vulnerable to document deletion and overwrite from edit
Moderate
CVE-2024-37898
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jul 31, 2024
Arbitrary file deletion in litellm
Moderate
CVE-2024-4888
was published
for
litellm
(pip)
Jun 6, 2024
TYPO3 Information Disclosure in Backend User Interface
Moderate
GHSA-rv8r-8mh5-5376
was published
for
typo3/cms-core
(Composer)
May 30, 2024
SimpleSAMLphp Information Disclosure vulnerability
Moderate
GHSA-ppm4-r2vc-pg74
was published
for
simplesamlphp/simplesamlphp
(Composer)
May 28, 2024
silverstripe/framework missing ACL on reports
Moderate
GHSA-52cx-hpc5-cxwc
was published
for
silverstripe/framework
(Composer)
May 27, 2024
Apache Zeppelin: Cron arbitrary user impersonation with improper privileges
Moderate
CVE-2024-31865
was published
for
org.apache.zeppelin:zeppelin-server
(Maven)
Apr 9, 2024
Pebble service manager's file pull API allows access by any user
Moderate
CVE-2024-3250
was published
for
github.com/canonical/pebble
(Go)
Apr 5, 2024
Jenkins Subversion Partial Release Manager Plugin missing permission check
Moderate
CVE-2024-28159
was published
for
org.jenkins-ci.plugins:svn-partial-release-mgr
(Maven)
Mar 6, 2024
Jenkins docker-build-step Plugin missing permission check
Moderate
CVE-2024-2216
was published
for
org.jenkins-ci.plugins:docker-build-step
(Maven)
Mar 6, 2024
XWiki extension license information is public, exposing instance id and license holder details
Moderate
CVE-2024-26138
was published
for
com.xwiki.licensing:application-licensing-licensor-ui
(Maven)
Feb 21, 2024
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Moderate
CVE-2024-24822
was published
for
pimcore/admin-ui-classic-bundle
(Composer)
Feb 7, 2024
Apache Airflow: Bypass permission verification to read code of other dags
Moderate
CVE-2023-50944
was published
for
apache-airflow
(pip)
Jan 24, 2024
Jenkins Nexus Platform Plugin missing permission check
Moderate
CVE-2023-50769
was published
for
org.sonatype.nexus.ci:nexus-jenkins-plugin
(Maven)
Dec 13, 2023
Missing permission check in Jenkins PaaSLane Estimate Plugin
Moderate
CVE-2023-50779
was published
for
com.cloudtp.jenkins:paaslane-estimate
(Maven)
Dec 13, 2023
Missing permission check in Jenkins Scriptler Plugin
Moderate
CVE-2023-50765
was published
for
org.jenkins-ci.plugins:scriptler
(Maven)
Dec 13, 2023
Apache DolphinScheduler Missing Authorization vulnerability
Moderate
CVE-2023-49620
was published
for
org.apache.dolphinscheduler:dolphinscheduler-api
(Maven)
Nov 30, 2023
Jenkins Google Compute Engine Plugin has incorrect permission checks
Moderate
CVE-2023-49652
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
Nov 29, 2023
Jenkins NeuVector Vulnerability Scanner Plugin missing permission check
Moderate
CVE-2023-49674
was published
for
io.jenkins.plugins:neuvector-vulnerability-scanner
(Maven)
Nov 29, 2023
Authenticated users can view job names and groups they do not have authorization to view
Moderate
CVE-2023-47112
was published
for
org.rundeck:rundeckapp
(Maven)
Nov 16, 2023
Dolibarr Improper Input Validation vulnerability
Moderate
CVE-2023-4198
was published
for
dolibarr/dolibarr
(Composer)
Nov 1, 2023
Jenkins lambdatest-automation Plugin missing permission check
Moderate
CVE-2023-46652
was published
for
org.jenkins-ci.plugins:lambdatest-automation
(Maven)
Oct 25, 2023
Jenkins Build Failure Analyzer Plugin missing permission check
Moderate
CVE-2023-43501
was published
for
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
(Maven)
Sep 20, 2023
ProTip!
Advisories are also available from the
GraphQL API