Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

28 advisories

Loading
apollo-portal has potential unauthorized access issue Moderate
CVE-2024-43397 was published for com.ctrip.framework.apollo:apollo (Maven) Aug 20, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability Moderate
CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven) May 15, 2024
Broken access control in Silverpeas Moderate
CVE-2023-47321 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Moderate
CVE-2023-47327 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
Broken access control in Silverpeas Moderate
CVE-2023-47325 was published for org.silverpeas.core:silverpeas-core-web (Maven) Dec 13, 2023
io.micronaut.security:micronaut-security-oauth2 has invalid IdTokenClaimsValidator logic on aud Moderate
CVE-2023-36820 was published for io.micronaut.security:micronaut-security-oauth2 (Maven) Oct 5, 2023
tommyli
PlantUML Improper Access Control vulnerability Moderate
CVE-2023-3431 was published for net.sourceforge.plantuml:plantuml-mit (Maven) Jun 27, 2023
Liferay portal has unauthorized access to object definition via search Moderate
CVE-2023-33947 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Liferay portal unauthorized access to objects via OAuth 2 scope Moderate
CVE-2023-33946 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro Moderate
CVE-2023-29513 was published for org.xwiki.platform:xwiki-platform-web-templates (Maven) Apr 20, 2023
PowerJob vulnerable to Incorrect Access Control via the create user/save interface. Moderate
CVE-2023-29922 was published for tech.powerjob:powerjob (Maven) Apr 19, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for unauthorized server connections Moderate
CVE-2023-28675 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration Moderate
CVE-2023-28673 was published for org.jenkinsci.plugins:octoperf (Maven) Apr 2, 2023
Unprivileged XWiki Platform users can make arbitrary select queries using DatabaseListProperty and suggest.vm Moderate
CVE-2023-26473 was published for org.xwiki.platform:xwiki-platform-web (Maven) Mar 3, 2023
Keycloak has lack of validation of access token on client registrations endpoint Moderate
CVE-2023-0091 was published for org.keycloak:keycloak-core (Maven) Jan 12, 2023
Missing permission check in Jenkins Build Failure Analyzer Plugin Moderate
CVE-2019-16554 was published for com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer (Maven) May 24, 2022
Wildfly Authorization Misconfiguration Moderate
CVE-2019-14838 was published for org.wildfly.core:wildfly-host-controller (Maven) May 24, 2022
Improper Access Control in JBoss mod_cluster Moderate
CVE-2012-1154 was published for org.jboss.mod_cluster:mod_cluster (Maven) May 17, 2022
Apache Struts2 Broken Access Control Vulnerability Moderate
CVE-2013-4310 was published for org.apache.struts:struts2-core (Maven) May 17, 2022
sunSUNQ
Apache Tomcat does not follow ServletSecurity annotations Moderate
CVE-2011-1419 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2012-5885 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Improper Access Control in MySQL Connectors Java Moderate
CVE-2015-2575 was published for mysql:mysql-connector-java (Maven) May 17, 2022
Improper Access Control in Apache WSS4J Moderate
CVE-2015-0227 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2014-7810 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Access Control in Apache CXF Moderate
CVE-2015-5253 was published for org.apache.cxf:cxf-rt-rs-security-sso-saml (Maven) May 13, 2022
sunSUNQ
ProTip! Advisories are also available from the GraphQL API