Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,744
Maven
5,000+
npm
4,341
NuGet
765
pip
4,113
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

179 advisories

Loading
Jenkins does not invalidate the API token when a user is deleted Moderate
CVE-2014-2062 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Credited to sunSUNQ
Jenkins session fixation vulnerability Moderate
CVE-2014-2066 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
sunSUNQ
Credited to sunSUNQ
Jenkins does not Restrict Reserved Names Allowing for Privilege Escalation Moderate
CVE-2015-1810 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Improper Authentication in Apache ActiveMQ Moderate
CVE-2013-3060 was published for org.apache.activemq:activemq-client (Maven) May 17, 2022
sunSUNQ
Credited to sunSUNQ
Salt Insecure configuration of PAM external authentication service Moderate
CVE-2016-3176 was published for salt (pip) May 17, 2022
Chameleon in Plone allows Authentication Bypass Moderate
CVE-2016-4043 was published for Plone (pip) May 17, 2022
Apache Hadoop allows impersonation of arbitrary cluster user accounts Moderate
CVE-2012-1574 was published for org.apache.hadoop:hadoop-main (Maven) May 17, 2022
Improper Authentication in Apache Hadoop Moderate
CVE-2014-0229 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Apache QPID Allows Remote Authentication Bypass Moderate
CVE-2012-3467 was published for org.apache.qpid:qpid-parent (Maven) May 17, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2012-5886 was published for org.apache.tomcat:tomcat-catalina (Maven) May 17, 2022
Improper Authentication in Apache Tomcat Moderate
CVE-2012-5887 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
OpenStack Identity (Keystone) improper revoking of the authentication token when deleting a user Moderate
CVE-2013-2059 was published for keystone (pip) May 17, 2022
Authentication Bypass in Apache Tomcat Moderate
CVE-2012-3546 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
tdunlap607
Credited to tdunlap607
Zend Access Restriction Bypass Moderate
CVE-2014-8088 was published for zendframework/zendframework (Composer) May 17, 2022
Django Middleware Enables Session Hijacking Moderate
CVE-2014-0482 was published for Django (pip) May 14, 2022
OpenStack Keystone Token authorization for a user in a disabled tenant is allowed Moderate
CVE-2012-4457 was published for Keystone (pip) May 14, 2022
Improper Authentication in Hibernate Validator Moderate
CVE-2014-3558 was published for org.hibernate:hibernate-validator (Maven) May 14, 2022
MarkLee131
Credited to MarkLee131
Improper Authentication in Apache Tomcat Moderate
CVE-2011-5062 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Improper Authentication in Apache Tomcat Moderate
CVE-2011-5063 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
sunSUNQ
Credited to sunSUNQ
Improper Authentication in Apache Tomcat Moderate
CVE-2013-2067 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Authentication in Jenkins Moderate
CVE-2018-1999045 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
Apache OpenMeetings may allow authenticated attacker to deny service for privileged users Moderate
CVE-2018-1286 was published for org.apache.openmeetings:openmeetings-parent (Maven) May 13, 2022
Dolibarr allows password changes without supplying the current password Moderate
CVE-2017-8879 was published for dolibarr/dolibarr (Composer) May 13, 2022
Improper Authentication in Jenkins Blue Ocean Plugin Moderate
CVE-2017-1000110 was published for io.jenkins.blueocean:blueocean (Maven) May 13, 2022
Improper Authentication in Jenkins Moderate
CVE-2017-2604 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database