Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,688
Erlang
34
GitHub Actions
26
Go
2,274
Maven
5,000+
npm
3,930
NuGet
706
pip
3,696
Pub
12
RubyGems
919
Rust
955
Swift
38
Unreviewed advisories
All unreviewed
5,000+

40 advisories

Loading
Moderate severity vulnerability that affects org.keycloak:keycloak-core Moderate
CVE-2016-8629 was published for org.keycloak:keycloak-core (Maven) Oct 18, 2018
JULI logging component in Apache Tomcat does not restrict certain permissions for web applications Moderate
CVE-2007-5342 was published for org.apache.tomcat:tomcat-juli (Maven) May 1, 2022
Jenkins allows Remote Users to Build Arbitrary Jobs Moderate
CVE-2013-0330 was published for org.jenkins-ci.main:jenkins-core (Maven) May 5, 2022
Improper Access Control in Apache Derby Moderate
CVE-2018-1313 was published for org.apache.derby:derby (Maven) May 13, 2022
Improper Access Control in Apache CXF Moderate
CVE-2015-5253 was published for org.apache.cxf:cxf-rt-rs-security-sso-saml (Maven) May 13, 2022
sunSUNQ
Jenkins allows Bypass of Access Restrictions Moderate
CVE-2015-5325 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2014-7810 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Access Control in Apache WSS4J Moderate
CVE-2015-0227 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022
Improper Access Control in MySQL Connectors Java Moderate
CVE-2015-2575 was published for mysql:mysql-connector-java (Maven) May 17, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2012-5885 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Apache Tomcat does not follow ServletSecurity annotations Moderate
CVE-2011-1419 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Elasticsearch Improper Access Control vulnerability Moderate
CVE-2014-3120 was published for org.elasticsearch:elasticsearch (Maven) May 17, 2022
Jenkins Monitoring Plugin Reveals Sensitive Information via Unspecified Pages Moderate
CVE-2014-3679 was published for org.jvnet.hudson.plugins:monitoring (Maven) May 17, 2022
Jenkins Exclusion Plugin allows Access to Resource Locks Moderate
CVE-2013-6373 was published for org.jenkins-ci.plugins:exclusion (Maven) May 17, 2022
Apache Struts2 Broken Access Control Vulnerability Moderate
CVE-2013-4310 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Improper Access Control in JBoss mod_cluster Moderate
CVE-2012-1154 was published for org.jboss.mod_cluster:mod_cluster (Maven) May 17, 2022
Wildfly Authorization Misconfiguration Moderate
CVE-2019-14838 was published for org.wildfly.core:wildfly-host-controller (Maven) May 24, 2022
Missing permission check in Jenkins Build Failure Analyzer Plugin Moderate
CVE-2019-16554 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) May 24, 2022
Missing permissions check in Liferay Portal Moderate
CVE-2022-42126 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Keycloak has lack of validation of access token on client registrations endpoint Moderate
CVE-2023-0091 was published for org.keycloak:keycloak-core (Maven) Jan 12, 2023
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin Moderate
CVE-2023-24425 was published for com.cloudbees.jenkins.plugins:kubernetes-credentials-provider (Maven) Jan 26, 2023
Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm Moderate
CVE-2023-26473 was published for org.xwiki.platform:xwiki-platform-web (Maven) Mar 3, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections Moderate
CVE-2023-28675 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration Moderate
CVE-2023-28673 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
PowerJob vulnerable to Incorrect Access Control via the create user/save interface. Moderate
CVE-2023-29922 was published for tech.powerjob:powerjob (Maven) Apr 19, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database