Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

30 advisories

Loading
OpenDaylight Authentication, Authorization and Accounting (AAA) peer impersonation vulnerability Moderate
CVE-2024-46943 was published for org.opendaylight.aaa:aaa-artifacts (Maven) Sep 16, 2024
OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) allows follower controller to set up flow entries Moderate
CVE-2024-46942 was published for org.opendaylight.mdsal:mdsal-artifacts (Maven) Sep 16, 2024
Jenkins does not perform a permission check in an HTTP endpoint Moderate
CVE-2024-43045 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
OpenSearch Observability does not properly restrict access to private tenant resources Moderate
CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024
Quarkus: authorization flaw in quarkus resteasy reactive and classic Moderate
CVE-2023-5675 was published for io.quarkus:quarkus-resteasy-reactive-common (Maven) Apr 25, 2024
bschuhmann
Keycloak users may be able to remove MFA from other users' devices Moderate
CVE-2020-10686 was published for org.keycloak:keycloak-core (Maven) May 24, 2022
Memory usage graphs accessible to anyone with Overall/Read Moderate
CVE-2020-2104 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Improper permission checks in Jenkins Copy Artifact Plugin Moderate
CVE-2020-2183 was published for org.jenkins-ci.plugins:copyartifact (Maven) May 24, 2022
NotMyFault
Users with Overall/Read access could enumerate credentials IDs in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2202 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault
Improper permission checks in Jenkins Swarm Plugin Moderate
CVE-2020-2191 was published for org.jenkins-ci.plugins:swarm (Maven) May 24, 2022
NotMyFault
Improper authorization in Jenkins Job and Node Ownership Plugin Moderate
CVE-2018-1000107 was published for com.synopsys.jenkinsci:ownership (Maven) May 13, 2022
Missing permission checks in Jenkins Fortify on Demand Plugin Moderate
CVE-2020-2204 was published for org.jenkins-ci.plugins:fortify-on-demand-uploader (Maven) May 24, 2022
NotMyFault
Missing permission checks in Mac Plugin Moderate
CVE-2020-2148 was published for fr.edf.jenkins.plugins:mac (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Gerrit Trigger Plugin Moderate
CVE-2019-16552 was published for com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger (Maven) May 24, 2022
Missing Authorization in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10344 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration Moderate
CVE-2019-10470 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Missing permission checks in Zephyr for JIRA Test Management Plugin Moderate
CVE-2020-2216 was published for org.jenkins-ci.plugins:zephyr-for-jira-test-management (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs Moderate
CVE-2020-2233 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Project Inheritance Plugin Moderate
CVE-2020-2197 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
NotMyFault
Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin Moderate
CVE-2020-2118 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) May 24, 2022
NotMyFault
Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization Moderate
CVE-2019-10469 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization Moderate
CVE-2019-10439 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization Moderate
CVE-2019-10438 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin Moderate
CVE-2019-10357 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) May 24, 2022
dbolkensteyn
Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins Moderate
CVE-2019-16574 was published for com.alauda.jenkins.plugins:alauda-devops-pipeline (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API