GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
429 advisories
Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted
Low
CVE-2023-22489
was published
for
flarum/core
(Composer)
Jan 10, 2023
Flarum notifications can leak restricted content
Moderate
CVE-2023-22488
was published
for
flarum/core
(Composer)
Jan 10, 2023
KubePi may allow unauthorized access to system API
High
CVE-2023-22478
was published
for
github.com/KubeOperator/kubepi
(Go)
Jan 9, 2023
Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
Critical
CVE-2022-41930
was published
for
org.xwiki.platform:xwiki-platform-user-profile-ui
(Maven)
Nov 21, 2022
Lack of authentication mechanism for webhook in CloudBees Docker Hub/Registry Notification Plugin
Moderate
CVE-2022-45385
was published
for
org.jenkins-ci.plugins:dockerhub-notification
(Maven)
Nov 16, 2022
Missing permission check in Jenkins Delete log Plugin
Moderate
CVE-2022-45394
was published
for
org.jenkins-ci.plugins:delete-log-plugin
(Maven)
Nov 16, 2022
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs
Moderate
CVE-2022-45390
was published
for
io.loader:loaderio-jenkins-plugin
(Maven)
Nov 16, 2022
Missing permission checks in Jenkins Katalon Plugin allow capturing credentials
Moderate
CVE-2022-43417
was published
for
org.jenkins-ci.plugins:katalon
(Maven)
Oct 19, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
ProTip!
Advisories are also available from the
GraphQL API