Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,884
Erlang
37
GitHub Actions
38
Go
2,546
Maven
5,000+
npm
4,205
NuGet
743
pip
3,978
Pub
12
RubyGems
947
Rust
1,034
Swift
39
Unreviewed advisories
All unreviewed
5,000+

338 advisories

Loading
Jenkins is missing a permission check in the authenticated users' profile menu Moderate
CVE-2025-59475 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Jenkins has a missing permission check, allowing users to obtain agent names Moderate
CVE-2025-59474 was published for org.jenkins-ci.main:jenkins-core (Maven) Sep 17, 2025
Liferay Portal allows remote attackers to view display page templates via crafted URLs Moderate
CVE-2025-43805 was published for com.liferay:com.liferay.asset.display.page.service (Maven) Sep 17, 2025
Liferay Portal's Organization Selector exposes organization data to remote authenticated users Moderate
CVE-2025-43788 was published for com.liferay:com.liferay.organizations.item.selector.web (Maven) Sep 12, 2025
Liferay Portal and Liferay DXP Workflow Component Does Not Check User Permissions Critical
CVE-2024-38002 was published for com.liferay.portal:release.dxp.bom (Maven) Oct 22, 2024
Jenkins OpenTelemetry Plugin missing permission check allows capturing credentials Moderate
CVE-2025-58460 was published for io.jenkins.plugins:opentelemetry (Maven) Sep 3, 2025
Liferay Portal allows improper access through the expandoTableLocalService Moderate
CVE-2025-43773 was published for com.liferay:com.liferay.portal.workflow.kaleo.runtime.impl (Maven) Aug 29, 2025
Liferay Portal and Liferay DXP Organization Selector Does Not Check User Permissions Moderate
CVE-2023-3426 was published for com.liferay.portal:release.dxp.bom (Maven) Aug 2, 2023
Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module Moderate
CVE-2022-38512 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 23, 2022
Apache ZooKeeper vulnerable to information disclosure in persistent watchers handling Moderate
CVE-2024-23944 was published for org.apache.zookeeper:zookeeper (Maven) Mar 15, 2024
Alkacon OpenCMS Improper Access Control via system/workplace/views/admin/admin-main.jsp Moderate
CVE-2006-3935 was published for org.opencms:opencms-core (Maven) May 1, 2022
GeoServer Missing Authorization on REST API Index Moderate
CVE-2025-27505 was published for org.geoserver.web:gs-web-app (Maven) Jun 10, 2025
sikeoka
Lack of authentication mechanism in Jenkins DotCi Plugin webhook Moderate
CVE-2022-41238 was published for com.groupon.jenkins-ci.plugins:DotCi (Maven) Sep 22, 2022
NotMyFault
Spring Boot EndpointRequest.to() creates wrong matcher if actuator endpoint is not exposed High
CVE-2025-22235 was published for org.springframework.boot:spring-boot (Maven) Apr 28, 2025
Jenkins Cadence vManager Plugin is Missing Permission Checks Moderate
CVE-2025-47887 was published for org.jenkins-ci.plugins:vmanager-plugin (Maven) May 14, 2025
The WikiManager REST API allows any user to create wikis High
CVE-2025-29926 was published for org.xwiki.platform:xwiki-platform-wiki-rest-default (Maven) Mar 19, 2025
XWiki missing authorization when accessing the wiki level attachments list and metadata via REST API Moderate
CVE-2025-46554 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) Apr 30, 2025
LMonert
Any user with view access to the XWiki space can change the authenticator High
CVE-2025-46557 was published for org.xwiki.platform:xwiki-platform-security-authentication-ui (Maven) Apr 30, 2025
Missing permission check in Jenkins loader.io Plugin allows enumerating credentials IDs Moderate
CVE-2022-45390 was published for io.loader:loaderio-jenkins-plugin (Maven) Nov 16, 2022
NotMyFault
org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right Critical
CVE-2025-32973 was published for org.xwiki.platform:xwiki-platform-component-wiki (Maven) Apr 29, 2025
Apache Archiva does not require entry of the administrator's password at the time of modifying a user account Moderate
CVE-2010-4408 was published for org.apache.archiva:archiva (Maven) May 14, 2022
Jenkins Missing Permission Check Moderate
CVE-2025-31721 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 2, 2025
Jenkins Missing Permission Check Moderate
CVE-2025-31720 was published for org.jenkins-ci.main:jenkins-core (Maven) Apr 2, 2025
Spring Security Missing Authorization vulnerability Moderate
CVE-2024-38810 was published for org.springframework.security:spring-security-core (Maven) Aug 20, 2024
Missing permission checks in Jenkins Chaos Monkey Plugin High
CVE-2020-2322 was published for io.jenkins.plugins:chaos-monkey (Maven) May 24, 2022
NotMyFault anonymous-nlp-student
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database