GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

47 advisories

Spring Security's spring-security.xsd file is world writable Moderate
CVE-2023-34042 was published for org.springframework.security:spring-security-config (Maven) Feb 6, 2024
Apache Tomcat vulnerable to information leak High
CVE-2023-34981 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 21, 2023
sunSUNQ westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin Moderate
CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jan 13, 2022
NotMyFault westonsteimel
secjoker
Apache Solr Schema Designer blindly "trusts" all configsets Low
CVE-2023-50292 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
Spring Cloud Contract vulnerable to local information disclosure Low
CVE-2024-22236 was published for org.springframework.cloud:spring-cloud-contract-shade (Maven) Jan 31, 2024
Improper privilege handling in Apache Accumulo High
CVE-2020-17533 was published for org.apache.accumulo:accumulo-master (Maven) Feb 9, 2022
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin Moderate
CVE-2023-35147 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Jun 14, 2023
Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin Moderate
CVE-2017-1000095 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline High
CVE-2017-1000096 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
Arbitrary code execution vulnerability in Jenkins Speaks! Plugin High
CVE-2017-1000403 was published for org.jvnet.hudson.plugins:speaks (Maven) May 13, 2022
Jenkins File Parameter Plugin arbitrary file write vulnerability High
CVE-2023-32986 was published for io.jenkins.plugins:file-parameters (Maven) May 16, 2023
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin Moderate
CVE-2022-20614 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin Moderate
CVE-2022-20618 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Missing permission check in Jenkins JiraTestResultReporter Plugin Moderate
CVE-2022-28137 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) Mar 30, 2022
NotMyFault
xxl-job-admin vulnerable to Insecure Permissions Moderate
CVE-2023-48087 was published for com.xuxueli:xxl-job-admin (Maven) Nov 15, 2023
Incorrect permissions in Apache Ozone Moderate
CVE-2021-39235 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Insecure Temporary File in HuTool High
CVE-2023-33695 was published for cn.hutool:hutool-core (Maven) Jun 13, 2023
Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource High
CVE-2023-31454 was published for org.apache.inlong:manager-service (Maven) Jul 6, 2023
Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability High
CVE-2023-31453 was published for org.apache.inlong:manager-service (Maven) Jul 6, 2023
Apache Ranger Hive Plugin missing permissions check High
CVE-2021-40331 was published for org.apache.ranger:ranger-hive-plugin (Maven) May 5, 2023
Information Disclosure in Guava Low
CVE-2020-8908 was published for com.google.guava:guava (Maven) Mar 25, 2021
joshbressers
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks High
CVE-2023-32992 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
Jenkins Azure VM Agents Plugin missing permission checks Moderate
CVE-2023-32990 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 16, 2023
Jenkins Email Extension Plugin missing permission check Moderate
CVE-2023-32979 was published for org.jenkins-ci.plugins:email-ext (Maven) May 16, 2023
Jenkins Tag Profiler Plugin missing permission check Moderate
CVE-2023-33004 was published for org.jenkins-ci.plugins:tag-profiler (Maven) May 16, 2023