Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,675
Maven
5,000+
npm
4,297
NuGet
760
pip
4,077
Pub
12
RubyGems
957
Rust
1,058
Swift
45
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
Jenkins global-build-stats Plugin missing permission check can result in graph IDs being enumerated Moderate
CVE-2025-58459 was published for org.jenkins-ci.plugins:global-build-stats (Maven) Sep 3, 2025
PowerJob vulnerable to Incorrect Access Control via the create user/save interface. Moderate
CVE-2023-29922 was published for tech.powerjob:powerjob (Maven) Apr 19, 2023
achibear aruneko
Credited to achibear and aruneko
Alkacon OpenCMS Improper Access Control via system/workplace/views/admin/admin-main.jsp Moderate
CVE-2006-3935 was published for org.opencms:opencms-core (Maven) May 1, 2022
Liferay Portal and Liferay DXP Bypass via Double Encoded URL Moderate
CVE-2020-15840 was published for com.liferay.portal:com.liferay.portal.impl (Maven) May 24, 2022
Jenkins WildFly Deployer Plugin vulnerable to path traversal Moderate
CVE-2022-41235 was published for org.jenkins-ci.plugins:wildfly-deployer (Maven) Sep 22, 2022
NotMyFault
Credited to NotMyFault
Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module Moderate
CVE-2021-29041 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
WildFly improper RBAC permission Moderate
CVE-2025-23367 was published for org.wildfly.core:wildfly-server (Maven) Jan 31, 2025
Missing permissions check in Liferay Portal Moderate
CVE-2022-42126 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin Moderate
CVE-2023-24425 was published for com.cloudbees.jenkins.plugins:kubernetes-credentials-provider (Maven) Jan 26, 2023
Privilege escalation in Liferay Portal Moderate
CVE-2022-45320 was published for com.liferay.portal:release.portal.bom (Maven) Feb 20, 2024
Jenkins Exclusion Plugin allows Access to Resource Locks Moderate
CVE-2013-6373 was published for org.jenkins-ci.plugins:exclusion (Maven) May 17, 2022
Jenkins Monitoring Plugin Reveals Sensitive Information via Unspecified Pages Moderate
CVE-2014-3679 was published for org.jvnet.hudson.plugins:monitoring (Maven) May 17, 2022
Jenkins allows Bypass of Access Restrictions Moderate
CVE-2015-5325 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins allows Remote Users to Build Arbitrary Jobs Moderate
CVE-2013-0330 was published for org.jenkins-ci.main:jenkins-core (Maven) May 5, 2022
Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User Moderate
GHSA-rq4w-cjrr-h8w8 was published for org.keycloak:keycloak-services (Maven) Feb 17, 2025 withdrawn
Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims Moderate
CVE-2025-1391 was published for org.keycloak:keycloak-services (Maven) Mar 10, 2025
Duplicate Advisory: Wildfly Server Role Based Access Control (RBAC) provider has Improper Access Control Moderate
GHSA-fcrw-mphx-7cxf was published for org.wildfly:wildfly-server (Maven) Jan 30, 2025 withdrawn
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability Moderate
CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven) May 15, 2024
apollo-portal has potential unauthorized access issue Moderate
CVE-2024-43397 was published for com.ctrip.framework.apollo:apollo (Maven) Aug 20, 2024
Apache Tomcat does not follow ServletSecurity annotations Moderate
CVE-2011-1419 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Apache Struts2 Broken Access Control Vulnerability Moderate
CVE-2013-4310 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Credited to sunSUNQ
Broken access control in Silverpeas Moderate
CVE-2023-47325 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Improper Access Control in Apache CXF Moderate
CVE-2015-5253 was published for org.apache.cxf:cxf-rt-rs-security-sso-saml (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Broken access control in Silverpeas Moderate
CVE-2023-47327 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Moderate
CVE-2023-47321 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database