Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,819
Erlang
36
GitHub Actions
32
Go
2,410
Maven
5,000+
npm
4,046
NuGet
723
pip
3,842
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

87 advisories

Loading
PowerJob vulnerable to Incorrect Access Control via the create user/save interface. Moderate
CVE-2023-29922 was published for tech.powerjob:powerjob (Maven) Apr 19, 2023
achibear aruneko
Janssen Config API returns results without scope verification High
CVE-2025-53003 was published for io.jans:jans-config-api-server (Maven) Jun 30, 2025
Alkacon OpenCMS Improper Access Control via system/workplace/views/admin/admin-main.jsp Moderate
CVE-2006-3935 was published for org.opencms:opencms-core (Maven) May 1, 2022
Apache Commons Improper Access Control vulnerability High
CVE-2025-48734 was published for commons-beanutils:commons-beanutils (Maven) May 28, 2025
Liferay Portal and Liferay DXP Bypass via Double Encoded URL Moderate
CVE-2020-15840 was published for com.liferay.portal:com.liferay.portal.impl (Maven) May 24, 2022
Jenkins WildFly Deployer Plugin vulnerable to path traversal Moderate
CVE-2022-41235 was published for org.jenkins-ci.plugins:wildfly-deployer (Maven) Sep 22, 2022
NotMyFault
Jenkins OpenID Connect Provider Plugin Incorrectly Validates Crafted Build ID Tokens Critical
CVE-2025-47884 was published for io.jenkins.plugins:oidc-provider (Maven) May 14, 2025
Liferay DXP Vulnerable to Denial-of-service (DoS) in the Multi-Factor Authentication Module Moderate
CVE-2021-29041 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Jenkins Compuware Topaz for Total Test Plugin vulnerable to Protection Mechanism Failure High
CVE-2022-43429 was published for com.compuware.jenkins:compuware-topaz-for-total-test (Maven) Oct 19, 2022
WildFly improper RBAC permission Moderate
CVE-2025-23367 was published for org.wildfly.core:wildfly-server (Maven) Jan 31, 2025
BRCC Incorrect Access Control vulnerability Critical
CVE-2025-45616 was published for com.baidu.mapp:brcc-core (Maven) May 5, 2025
Missing permissions check in Liferay Portal Moderate
CVE-2022-42126 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Exposure of system-scoped Kubernetes credentials in Jenkins Kubernetes Credentials Provider Plugin Moderate
CVE-2023-24425 was published for com.cloudbees.jenkins.plugins:kubernetes-credentials-provider (Maven) Jan 26, 2023
Privilege escalation in Liferay Portal Moderate
CVE-2022-45320 was published for com.liferay.portal:release.portal.bom (Maven) Feb 20, 2024
OpenDaylight SFC Allows Unauthorized Privileged Execution via Crafted Request Critical
CVE-2025-29315 was published for org.opendaylight.sfc:sfc-parent (Maven) Mar 24, 2025
Jenkins Exclusion Plugin allows Access to Resource Locks Moderate
CVE-2013-6373 was published for org.jenkins-ci.plugins:exclusion (Maven) May 17, 2022
Jenkins Monitoring Plugin Reveals Sensitive Information via Unspecified Pages Moderate
CVE-2014-3679 was published for org.jvnet.hudson.plugins:monitoring (Maven) May 17, 2022
Jenkins allows Bypass of Access Restrictions Moderate
CVE-2015-5325 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Jenkins allows Remote Users to Build Arbitrary Jobs Moderate
CVE-2013-0330 was published for org.jenkins-ci.main:jenkins-core (Maven) May 5, 2022
Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User Moderate
GHSA-rq4w-cjrr-h8w8 was published for org.keycloak:keycloak-services (Maven) Feb 17, 2025 withdrawn
Improper Authorization in Keycloak Organization Mapper Allows Unauthorized Organization Claims Moderate
CVE-2025-1391 was published for org.keycloak:keycloak-services (Maven) Mar 10, 2025
Broken Access Control in Spring Security With Direct Use of isFullyAuthenticated High
CVE-2024-22234 was published for org.springframework.security:spring-security-core (Maven) Feb 20, 2024
oscerd
Apache HugeGraph-Server: Command execution in gremlin Critical
CVE-2024-27348 was published for org.apache.hugegraph:hugegraph-api (Maven) Apr 22, 2024
Duplicate Advisory: Wildfly Server Role Based Access Control (RBAC) provider has Improper Access Control Moderate
GHSA-fcrw-mphx-7cxf was published for org.wildfly:wildfly-server (Maven) Jan 30, 2025 withdrawn
General OpenMRS Security Advisory, January 2025: Penetration Testing Results and Patches Critical
GHSA-vpxm-cr3r-pjp9 was published for org.openmrs.module:addresshierarchy (Maven) Jan 30, 2025
slubwama mseaton
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database