GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
201 advisories
Incorrect permission checks in Jenkins Support Core Plugin
Moderate
CVE-2022-45383
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Nov 16, 2022
OpenFGA Authorization Bypass
Moderate
CVE-2022-39352
was published
for
github.com/openfga/openfga
(Go)
Nov 8, 2022
Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution
Moderate
CVE-2022-31683
was published
for
github.com/concourse/concourse
(Go)
Oct 19, 2022
Missing permission check in Jenkins build-publisher Plugin
Moderate
CVE-2022-41230
was published
for
org.jenkins-ci.plugins:build-publisher
(Maven)
Sep 22, 2022
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Moderate
CVE-2022-36109
was published
for
github.com/docker/docker
(Go)
Sep 16, 2022
Harbor fails to validate the user permissions when updating a robot account
Moderate
CVE-2022-31667
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Harbor fails to validate the user permissions when updating tag immutability policies
Moderate
CVE-2022-31669
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Incorrect Authorization in Jenkins Request Rename Or Delete Plugin
Moderate
CVE-2022-34814
was published
for
org.jenkins-ci.plugins:rrod
(Maven)
Jul 1, 2022
ProTip!
Advisories are also available from the
GraphQL API