Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

300 advisories

Loading
Moodle Email media URL tokens were not checking for user status Moderate
CVE-2019-14883 was published for moodle/moodle (Composer) May 24, 2022
Missing permission checks in Jenkins P4 Plugin Moderate
CVE-2020-2142 was published for org.jenkins-ci.plugins:p4 (Maven) May 24, 2022
NotMyFault
Missing permission checks in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2094 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Amazon EC2 Plugin Moderate
CVE-2020-2091 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins Moderate
CVE-2019-16574 was published for com.alauda.jenkins.plugins:alauda-devops-pipeline (Maven) May 24, 2022
Improper Authorization in Jenkins Alauda Kubernetes Suport Plugin Moderate
CVE-2019-16576 was published for io.alauda.jenkins.plugins:alauda-kubernetes-support (Maven) May 24, 2022
Jenkins Team Concert Plugin missing permission check Moderate
CVE-2019-16567 was published for org.jenkins-ci.plugins:teamconcert (Maven) May 24, 2022
Jenkins RapidDeploy Plugin missing permission check Moderate
CVE-2019-16571 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) May 24, 2022
Jenkins Google Compute Engine Plugin Missing Authorization vulnerability Moderate
CVE-2019-16547 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin Moderate
CVE-2019-10457 was published for org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute-classic (Maven) May 24, 2022
Missing permission check in Jenkins Rundeck Plugin Moderate
CVE-2019-10455 was published for org.jenkins-ci.plugins:rundeck (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization Moderate
CVE-2019-10439 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Missing permission checks in Google Kubernetes Engine Jenkins Plugin Moderate
CVE-2019-10445 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
Jenkins iceScrum Plugin vulnerable to Missing Authorization Moderate
CVE-2019-10442 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization Moderate
CVE-2019-10438 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
MediaWiki information disclosure Moderate
CVE-2019-16738 was published for mediawiki/core (Composer) May 24, 2022
Missing permission check in Jenkins Project Inheritance Plugin Moderate
CVE-2019-10409 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
Missing permission check in Jenkins Relution Enterprise Appstore Publisher Plugin Moderate
CVE-2019-10389 was published for org.jenkins-ci.plugins:relution-publisher (Maven) May 24, 2022
Missing permission check in Jenkins XL TestView Plugin Moderate
CVE-2019-10387 was published for com.xebialabs.xlt.ci:xltestview-plugin (Maven) May 24, 2022
Missing permission check in Jenkins Avatar Plugin Moderate
CVE-2019-10377 was published for net.hurstfrost.jenkins:avatar (Maven) May 24, 2022
Jenkins JClouds Plugin missing permission check Moderate
CVE-2019-10369 was published for org.jenkins-ci.plugins:jclouds-jenkins (Maven) May 24, 2022
Moodle Ability to delete glossary entries that belong to another glossary Moderate
CVE-2019-10187 was published for moodle/moodle (Composer) May 24, 2022
Missing Authorization in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10344 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin Moderate
CVE-2019-10357 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) May 24, 2022
dbolkensteyn
Missing Authorization in Jenkins Moderate
CVE-2019-10354 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database