GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,645
Maven: 5,000+
npm: 4,271
NuGet: 760
pip: 4,065
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45
Unreviewed advisories
All unreviewed: 5,000+
24,638 advisories
Jenkins Image Tag Parameter Plugin improperly introduces option to opt out of SSL/TLS certificate validation
Moderate. CVE-2023-30516 was published for org.jenkins-ci.plugins:image-tag-parameter (Maven) on Apr 12, 2023

Jenkins Thycotic Secret Server Plugin missing permissions check
Moderate. CVE-2023-30518 was published for io.jenkins.plugins:thycotic-secret-server (Maven) on Apr 12, 2023

Jenkins Report Portal Plugin Cross-Site Request Forgery vulnerability
Moderate. CVE-2023-30525 was published for org.jenkins-ci.plugins:reportportal (Maven) on Apr 12, 2023

Jenkins Report Portal Plugin missing permissions check
Moderate. CVE-2023-30526 was published for org.jenkins-ci.plugins:reportportal (Maven) on Apr 12, 2023

Jenkins Fogbugz Plugin has missing permissions check
Moderate. CVE-2023-30522 was published for org.jenkins-ci.plugins:fogbugz (Maven) on Apr 12, 2023

Jenkins Report Portal Plugin allows users with Item/Extended Read permission to view tokens on Jenkins controller
Moderate. CVE-2023-30523 was published for org.jenkins-ci.plugins:reportportal (Maven) on Apr 12, 2023

Jenkins WSO2 Oauth Plugin stores WSO2 Oauth client secret unencrypted in global config.xml file on Jenkins controller
Low. CVE-2023-30527 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) on Apr 12, 2023

Jenkins Report Portal Plugin configuration form does not mask tokens
Moderate. CVE-2023-30524 was published for org.jenkins-ci.plugins:reportportal (Maven) on Apr 12, 2023

Jenkins Assembla merge request builder Plugin missing authentication to access endpoint
Moderate. CVE-2023-30521 was published for org.jenkins-ci.plugins:assembla-merge-request-builder (Maven) on Apr 12, 2023

Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted
Moderate. CVE-2023-30530 was published for org.jenkins-ci.plugins:consul-kv-builder (Maven) on Apr 12, 2023

Jenkins WSO2 Oauth Plugin does not mask the WSO2 Oauth client secret on the global configuration form
Low. CVE-2023-30528 was published for org.jenkins-ci.plugins:wso2id-oauth (Maven) on Apr 12, 2023

Jenkins Quay.io trigger Plugin Cross-site Scripting vulnerability
High. CVE-2023-30520 was published for org.jenkins-ci.plugins:quayio-trigger (Maven) on Apr 12, 2023

Jenkins Lucene-Search Plugin vulnerable to Cross-Site Request Forgery
Moderate. CVE-2023-30529 was published for org.jenkins-ci.plugins:lucene-search (Maven) on Apr 12, 2023

Jenkins Consul KV Builder Plugin stores HashiCorp Consul ACL Token unencrypted
Moderate. CVE-2023-30531 was published for org.jenkins-ci.plugins:consul-kv-builder (Maven) on Apr 12, 2023

Lack of authentication mechanism in Jenkins TurboScript Plugin webhook
Moderate. CVE-2023-30532 was published for org.jenkinsci.plugins.spoonscript:spoonscript (Maven) on Apr 12, 2023

CubeFS allows Kubernetes cluster-level privilege escalation
Moderate. CVE-2023-30512 was published for github.com/cubefs/cubefs (Go) on Apr 12, 2023

Commonmarker vulnerable to several quadratic complexity bugs that may lead to denial of service
Moderate. GHSA-48wp-p9qv-4j64 was published for commonmarker (RubyGems) on Apr 11, 2023

.NET Remote Code Execution vulnerability
High. CVE-2023-28260 was published for Microsoft.NetCore.App.Runtime.win-arm (NuGet) on Apr 11, 2023

Nokogiri updates packaged libxml2 to v2.10.4 to resolve multiple CVEs
Moderate. GHSA-pxvg-2qj5-37jq was published for nokogiri (RubyGems) on Apr 11, 2023

vitess allows users to create keyspaces that can deny access to already existing keyspaces
Moderate. CVE-2023-29194 was published for vitess.io/vitess (Go) on Apr 11, 2023

Traefik HTTP header parsing could cause a denial of service
High. CVE-2023-29013 was published for github.com/traefik/traefik/v2 (Go) on Apr 11, 2023

govuk_tech_docs vulnerable to unescaped HTML on search results page
Low. CVE-2024-22048 was published for govuk_tech_docs (RubyGems) on Apr 11, 2023

Answer vulnerable to Insertion of Sensitive Information Into Sent Data
Moderate. CVE-2023-1975 was published for github.com/answerdev/answer (Go) on Apr 11, 2023

Answer vulnerable to Exposure of Sensitive Information Through Metadata
Moderate. CVE-2023-1974 was published for github.com/answerdev/answer (Go) on Apr 11, 2023

ProTip! Advisories are also available from the GraphQL API.