GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,974
Erlang
29
GitHub Actions
16
Go
1,763
Maven
4,988
npm
3,525
NuGet
615
pip
3,099
Pub
10
RubyGems
834
Rust
785
Swift
34
Unreviewed advisories
All unreviewed
5,000+
56 advisories
Filter by severity
Jenkins WebSphere Deployer Plugin missing permission check
Moderate
CVE-2019-16559
was published
for
org.jenkins-ci.plugins:websphere-deployer
(Maven)
May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration
Moderate
CVE-2019-10470
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
PowerJob vulnerable to Insecure Permissions
Moderate
CVE-2023-29923
was published
for
tech.powerjob:powerjob
(Maven)
Apr 19, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
Moderate
CVE-2023-32996
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
Jenkins AppSpider Plugin missing permission check
Moderate
CVE-2023-32999
was published
for
com.rapid7:jenkinsci-appspider-plugin
(Maven)
May 16, 2023
Incorrect Default Permissions in Apache DolphinScheduler
Moderate
CVE-2020-13922
was published
for
org.apache.dolphinscheduler:dolphinscheduler
(Maven)
Feb 9, 2022
Apache Superset has Incorrect Default Permissions
Moderate
CVE-2023-42501
was published
for
apache-superset
(pip)
Nov 27, 2023
Missing permission check in Jenkins Gerrit Trigger Plugin
Moderate
CVE-2019-16552
was published
for
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
(Maven)
May 24, 2022
Missing permission check in Jenkins Build Failure Analyzer Plugin
Moderate
CVE-2019-16554
was published
for
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
(Maven)
May 24, 2022
Improper permission checks in Jenkins Copy Artifact Plugin
Moderate
CVE-2020-2183
was published
for
org.jenkins-ci.plugins:copyartifact
(Maven)
May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration
Moderate
CVE-2019-10473
was published
for
org.jenkins-ci.plugins:libvirt-slave
(Maven)
May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions
Moderate
CVE-2019-10472
was published
for
org.jenkins-ci.plugins:libvirt-slave
(Maven)
May 24, 2022
Moodle default permissions too permissive
Moderate
CVE-2012-1157
was published
for
moodle/moodle
(Composer)
Apr 23, 2022
Parameterized Trigger Plugin fails to check Item/Build permission
Moderate
CVE-2017-1000084
was published
for
org.jenkins-ci.plugins:parameterized-trigger
(Maven)
May 13, 2022
Incorrect permission checks in Jenkins Support Core Plugin
Moderate
CVE-2022-45383
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Nov 16, 2022
Magento incorrect permissions vulnerability in the Integrations component
Moderate
CVE-2020-24402
was published
for
magento/community-edition
(Composer)
May 24, 2022
Moodle Incorrect Default Settings
Moderate
CVE-2011-4285
was published
for
moodle/moodle
(Composer)
May 13, 2022
Incorrect Default Permissions in log4js
Moderate
CVE-2022-21704
was published
for
log4js
(npm)
Jan 21, 2022
Missing permission checks in AWS Credentials Plugin
Moderate
CVE-2022-27199
was published
for
org.jenkins-ci.plugins:aws-credentials
(Maven)
Mar 16, 2022
Jenkins Build Step Plugin fails to check Item/Build permission
Moderate
CVE-2017-1000089
was published
for
org.jenkins-ci.plugins:pipeline-build-step
(Maven)
May 13, 2022
CSRF vulnerability in Jenkins Coverity Plugin allow capturing credentials
Moderate
CVE-2023-23848
was published
for
org.jenkins-ci.plugins:synopsys-coverity
(Maven)
Feb 15, 2023
Silverstripe has Incorrect Default Permissions
Moderate
CVE-2020-6165
was published
for
silverstripe/graphql
(Composer)
May 24, 2022
Django allows unintended model editing
Moderate
CVE-2019-19118
was published
for
django
(pip)
Dec 4, 2019
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Moderate
CVE-2024-28862
was published
for
rotp
(RubyGems)
Mar 18, 2024
ProTip!
Advisories are also available from the
GraphQL API