Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,386
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,480
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

429 advisories

Loading
Nomad ACL Policies without Label are Applied to Unexpected Resources Moderate
CVE-2023-3072 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24
Hazelcast Executor Services don't check client permissions properly High
CVE-2023-33265 was published for com.hazelcast:hazelcast (Maven) Jul 19, 2023
Jenkins Sumologic Publisher Plugin missing permission check Moderate
CVE-2023-37959 was published for org.jenkins-ci.plugins:sumologic-publisher (Maven) Jul 12, 2023
Jenkins ElasticBox CI Plugin missing permission check Moderate
CVE-2023-37965 was published for org.jenkins-ci.plugins:elasticbox (Maven) Jul 12, 2023
Jenkins Benchmark Evaluator Plugin missing permission check Moderate
CVE-2023-37963 was published for io.jenkins.plugins:benchmark-evaluator (Maven) Jul 12, 2023
Jenkins mabl Plugin missing permission check Moderate
CVE-2023-37953 was published for com.mabl.integration.jenkins:mabl-integration (Maven) Jul 12, 2023
Jenkins Test Results Aggregator Plugin missing permission check Moderate
CVE-2023-37956 was published for org.jenkins-ci.plugins:test-results-aggregator (Maven) Jul 12, 2023
Jenkins Datadog Plugin does not perform a permission check in an HTTP endpoint. Moderate
CVE-2023-37944 was published for org.datadog.jenkins.plugins:datadog (Maven) Jul 12, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission check Moderate
CVE-2023-37945 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) Jul 12, 2023
Jenkins Orka by MacStadium Plugin missing permission check Moderate
CVE-2023-37949 was published for io.jenkins.plugins:macstadium-orka (Maven) Jul 12, 2023
Jenkins mabl Plugin missing permission check Moderate
CVE-2023-37950 was published for com.mabl.integration.jenkins:mabl-integration (Maven) Jul 12, 2023
Sealos billing system permission control defect High
CVE-2023-36815 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Jenkins Team Concert Plugin does not perform permission checks in methods implementing form validation Moderate
CVE-2023-3315 was published for org.jenkins-ci.plugins:teamconcert (Maven) Jun 19, 2023
Mattermost Server Missing Authorization vulnerability Moderate
CVE-2023-2783 was published for github.com/mattermost/mattermost-server/v6 (Go) Jun 16, 2023
Jenkins Digital.ai App Management Publisher Plugin missing permission checks Moderate
CVE-2023-35149 was published for org.jenkins-ci.plugins:ease-plugin (Maven) Jun 14, 2023
OpenZeppelin Contracts's governor proposal creation may be blocked by frontrunning Moderate
CVE-2023-34234 was published for @openzeppelin/contracts (npm) Jun 8, 2023
MarkLee131
Duplicate Advisory: Grafana Improper Access Control vulnerability Moderate
GHSA-wm7r-3qxj-5xgq was published for github.com/grafana/grafana (Go) Jun 6, 2023 withdrawn
Missing authorization in Liferay portal High
CVE-2023-33948 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Synapse does not apply enough checks to servers requesting auth events of events in a room High
CVE-2022-39335 was published for matrix-synapse (pip) May 24, 2023
Command injection in nevado-jms High
CVE-2023-31826 was published for org.skyscreamer:nevado-jms (Maven) May 23, 2023
Double spend in snarkjs High
CVE-2023-33252 was published for snarkjs (npm) May 22, 2023
Answer Missing Authorization vulnerability Low
CVE-2023-2590 was published for github.com/answerdev/answer (Go) May 9, 2023
Missing permission check of canView in GridFieldPrintButton Moderate
CVE-2023-22728 was published for silverstripe/framework (Composer) Apr 26, 2023
matrix-js-sdk vulnerable to invisible eavesdropping in group calls Moderate
CVE-2023-29529 was published for matrix-js-sdk (npm) Apr 14, 2023
Jenkins Quay.io trigger Plugin webhook endpoint can be accessed without authentication Moderate
CVE-2023-30519 was published for org.jenkins-ci.plugins:quayio-trigger (Maven) Apr 12, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database