GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Spring Security's spring-security.xsd file is world writable
Moderate
CVE-2023-34042
was published
for
org.springframework.security:spring-security-config
(Maven)
Feb 6, 2024
xxl-job-admin vulnerable to Insecure Permissions
Moderate
CVE-2023-48087
was published
for
com.xuxueli:xxl-job-admin
(Maven)
Nov 15, 2023
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
Moderate
CVE-2023-35147
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Jun 14, 2023
Jenkins Tag Profiler Plugin missing permission check
Moderate
CVE-2023-33004
was published
for
org.jenkins-ci.plugins:tag-profiler
(Maven)
May 16, 2023
Jenkins Email Extension Plugin missing permission check
Moderate
CVE-2023-32979
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
May 16, 2023
Jenkins Azure VM Agents Plugin missing permission checks
Moderate
CVE-2023-32990
was published
for
org.jenkins-ci.plugins:azure-vm-agents
(Maven)
May 16, 2023
Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
Moderate
CVE-2023-27096
was published
for
cn.hippo4j:hippo4j-all
(Maven)
Mar 27, 2023
Exposure of Sensitive Information in OpenGoofy Hippo4j
Moderate
CVE-2023-27095
was published
for
cn.hippo4j:hippo4j-core
(Maven)
Mar 16, 2023
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
Moderate
CVE-2022-34112
was published
for
io.dataease:dataease-plugin-common
(Maven)
Jul 23, 2022
Missing Authorization in Apache Archiva
Moderate
CVE-2022-29405
was published
for
org.apache.archiva:archiva
(Maven)
May 26, 2022
Opencast has Incorrect Permission Assignment
Moderate
CVE-2017-1000221
was published
for
org.opencastproject:opencast-kernel
(Maven)
May 13, 2022
Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin
Moderate
CVE-2017-1000095
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins
Moderate
CVE-2017-2612
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Missing permission check in Jenkins JiraTestResultReporter Plugin
Moderate
CVE-2022-28137
was published
for
org.jenkins-ci.plugins:JiraTestResultReporter
(Maven)
Mar 30, 2022
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak
Moderate
CVE-2020-1694
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin
Moderate
CVE-2022-20614
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Moderate
CVE-2022-20618
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
Incorrect permissions in Apache Ozone
Moderate
CVE-2021-39235
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Exposure of sensitive information in Elasticsearch
Moderate
CVE-2021-22147
was published
for
org.elasticsearch:elasticsearch
(Maven)
Sep 20, 2021
Local information disclosure via system temporary directory
Moderate
CVE-2021-28168
was published
for
org.glassfish.jersey.core:jersey-common
(Maven)
Apr 23, 2021
Generated Code Contains Local Information Disclosure Vulnerability
Moderate
CVE-2021-21364
was published
for
io.swagger:swagger-codegen
(Maven)
Mar 11, 2021
TemporaryFolder on unix-like systems does not limit access to created files
Moderate
CVE-2020-15250
was published
for
junit:junit
(Maven)
Oct 12, 2020
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main
Moderate
CVE-2017-3166
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Dec 21, 2018
ProTip!
Advisories are also available from the
GraphQL API