GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

413 advisories

Jenkins Fortify Plugin missing permission check Moderate
CVE-2023-4302 was published for org.jenkins-ci.plugins:fortify (Maven) Aug 22, 2023
Jenkins Delphix Plugin missing permission check Moderate
CVE-2023-40344 was published for org.jenkins-ci.plugins:delphix (Maven) Aug 16, 2023
When `ui.isAccessAllowed` is `undefined`, the `adminMeta` GraphQL query is publicly accessible Moderate
CVE-2023-40027 was published for @keystone-6/core (npm) Aug 15, 2023
dcousens
Mattermost fails to check if user is a guest before performing actions on public playbooks Moderate
CVE-2023-4106 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Mattermost fails to correctly delete attachments Low
CVE-2023-4105 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Froxlor vulnerable to business logic errors Low
CVE-2023-4304 was published for froxlor/froxlor (Composer) Aug 11, 2023
1Panel arbitrary file write vulnerability High
CVE-2023-39966 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
darkfive2022
Answer Missing Authorization vulnerability High
CVE-2023-4124 was published for github.com/answerdev/answer (Go) Aug 3, 2023
Silverstripe Framework: Members with no password can be created and bypass custom login forms Low
CVE-2023-32302 was published for silverstripe/framework (Composer) Jul 31, 2023
sabina-talipova bimthebam
maxime-rainville
Missing authorization in Jenkins Plug-in for ServiceNow High
CVE-2023-3442 was published for io.jenkins.plugins:servicenow-devops (Maven) Jul 26, 2023
Nomad Search API Leaks Information About CSI Plugins Moderate
CVE-2023-3300 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24
Nomad ACL Policies without Label are Applied to Unexpected Resources Moderate
CVE-2023-3072 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24
Hazelcast Executor Services don't check client permissions properly High
CVE-2023-33265 was published for com.hazelcast:hazelcast (Maven) Jul 19, 2023
Jenkins Sumologic Publisher Plugin missing permission check Moderate
CVE-2023-37959 was published for org.jenkins-ci.plugins:sumologic-publisher (Maven) Jul 12, 2023
Jenkins Benchmark Evaluator Plugin missing permission check Moderate
CVE-2023-37963 was published for io.jenkins.plugins:benchmark-evaluator (Maven) Jul 12, 2023
Jenkins ElasticBox CI Plugin missing permission check Moderate
CVE-2023-37965 was published for org.jenkins-ci.plugins:elasticbox (Maven) Jul 12, 2023
Jenkins mabl Plugin missing permission check Moderate
CVE-2023-37953 was published for com.mabl.integration.jenkins:mabl-integration (Maven) Jul 12, 2023
Jenkins Datadog Plugin does not perform a permission check in an HTTP endpoint. Moderate
CVE-2023-37944 was published for org.datadog.jenkins.plugins:datadog (Maven) Jul 12, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission check Moderate
CVE-2023-37945 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) Jul 12, 2023
Jenkins Test Results Aggregator Plugin missing permission check Moderate
CVE-2023-37956 was published for org.jenkins-ci.plugins:test-results-aggregator (Maven) Jul 12, 2023
Jenkins Orka by MacStadium Plugin missing permission check Moderate
CVE-2023-37949 was published for io.jenkins.plugins:macstadium-orka (Maven) Jul 12, 2023
Jenkins mabl Plugin missing permission check Moderate
CVE-2023-37950 was published for com.mabl.integration.jenkins:mabl-integration (Maven) Jul 12, 2023
Sealos billing system permission control defect High
CVE-2023-36815 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation Moderate
CVE-2023-3315 was published for org.jenkins-ci.plugins:teamconcert (Maven) Jun 19, 2023
Mattermost Server Missing Authorization vulnerability Moderate
CVE-2023-2783 was published for github.com/mattermost/mattermost-server/v6 (Go) Jun 16, 2023