Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

65 advisories

Loading
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access Moderate
CVE-2024-44076 was published for io.github.microcks:microcks-app (Maven) Aug 19, 2024
Ant Media Server does not properly authorize non-administrative API calls Moderate
CVE-2024-3462 was published for io.antmedia:ant-media-server (Maven) May 14, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode Moderate
CVE-2024-27309 was published for org.apache.kafka:kafka-metadata (Maven) Apr 12, 2024
Apache Pulsar: Improper Authorization For Namespace and Topic Management Endpoints Moderate
CVE-2024-29834 was published for org.apache.pulsar:pulsar-broker (Maven) Apr 2, 2024
oscerd
Elasticsearch Incorrect Authorization vulnerability Moderate
CVE-2024-23451 was published for org.elasticsearch:elasticsearch (Maven) Mar 27, 2024
Apache Pulsar: Improper Authorization For Topic-Level Policy Management Moderate
CVE-2024-28098 was published for org.apache.pulsar:pulsar-broker (Maven) Mar 12, 2024
oscerd
Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials Moderate
CVE-2023-39154 was published for com.qualys.plugins:qualys-was (Maven) Jul 26, 2023
Apache Pulsar Function Worker Incorrect Authorization vulnerability Moderate
CVE-2023-37579 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Jul 12, 2023
OpenSearch issue with fine-grained access control during extremely rare race conditions Moderate
CVE-2023-31141 was published for org.opensearch.plugin:opensearch-security (Maven) May 9, 2023
OpenSearch has issue with fine-grained access control of indices backing data streams Moderate
CVE-2022-41918 was published for org.opensearch.plugin:opensearch-security (Maven) Mar 7, 2023
xwiki contains Incorrect Authorization Moderate
CVE-2023-26056 was published for org.xwiki.platform:xwiki-platform-rendering-macro-context (Maven) Mar 3, 2023
Missing Authorization in Jenkins Azure Credentials Plugin Moderate
CVE-2023-25768 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Keycloak has lack of validation of access token on client registrations endpoint Moderate
CVE-2023-0091 was published for org.keycloak:keycloak-core (Maven) Jan 12, 2023
Incorrect permission checks in Jenkins Support Core Plugin Moderate
CVE-2022-45383 was published for org.jenkins-ci.plugins:support-core (Maven) Nov 16, 2022
NotMyFault
Missing permission check in Jenkins build-publisher Plugin Moderate
CVE-2022-41230 was published for org.jenkins-ci.plugins:build-publisher (Maven) Sep 22, 2022
NotMyFault
XMLUI's metadata of withdrawn Items is exposed to anonymous users Moderate
CVE-2022-31190 was published for org.dspace:dspace-xmlui (Maven) Aug 6, 2022
UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance() Moderate
CVE-2022-31139 was published for io.github.karlatemp:unsafe-accessor (Maven) Jul 12, 2022
Incorrect Authorization in Jenkins Request Rename Or Delete Plugin Moderate
CVE-2022-34814 was published for org.jenkins-ci.plugins:rrod (Maven) Jul 1, 2022
NotMyFault
Incorrect Authorization in Jenkins requests-plugin Moderate
CVE-2022-34782 was published for org.jenkins-ci.plugins:requests (Maven) Jul 1, 2022
NotMyFault
NT auth module vulnerability in OpenAM Moderate
CVE-2022-34298 was published for org.openidentityplatform.openam:openam-core (Maven) Jun 24, 2022
Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement Moderate
CVE-2022-34180 was published for org.jenkins-ci.plugins:embeddable-build-status (Maven) Jun 24, 2022
NotMyFault
Incorrect Authorization in MySQL Connector Java Moderate
CVE-2021-2471 was published for mysql:mysql-connector-java (Maven) May 24, 2022
Improper permission checks allow canceling queue items and aborting builds in Jenkins Moderate
CVE-2021-21670 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials Moderate
CVE-2021-21664 was published for com.xebialabs.deployit.ci:deployit-plugin (Maven) May 24, 2022
NotMyFault
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs Moderate
CVE-2021-21643 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API