GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
54 advisories
Drupal access bypass vulnerability | Moderate | CVE-2017-6928 was published for drupal/core (Composer) | May 13, 2022
Opencast has Incorrect Permission Assignment | Moderate | CVE-2017-1000221 was published for org.opencastproject:opencast-kernel (Maven) | May 13, 2022
Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin | Moderate | CVE-2017-1000095 was published for org.jenkins-ci.plugins:script-security (Maven) | May 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins | Moderate | CVE-2017-2612 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022
Bolt Improper Access Control | Moderate | CVE-2017-16754 was published for bolt/bolt (Composer) | May 13, 2022
Missing permission check in Jenkins JiraTestResultReporter Plugin | Moderate | CVE-2022-28137 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) | Mar 30, 2022
Kubernetes Unsafe Cacheing | Moderate | CVE-2019-11244 was published for k8s.io/client-go (Go) | Feb 15, 2022
Incorrect Permission Assignment for Critical Resource in CRI-O | Moderate | CVE-2022-0532 was published for github.com/cri-o/cri-o (Go) | Feb 11, 2022
Incorrect Permission Assignment for Critical Resource in Ansible | Moderate | CVE-2020-1736 was published for ansible (pip) | Feb 9, 2022
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak | Moderate | CVE-2020-1694 was published for org.keycloak:keycloak-parent (Maven) | Feb 9, 2022
Incorrect Permission Assignment for Critical Resource in OnionShare | Moderate | CVE-2022-21694 was published for onionshare-cli (pip) | Jan 21, 2022
Microweber Incorrect Permission Assignment for Critical Resource vulnerability | Moderate | CVE-2022-0277 was published for microweber/microweber (Composer) | Jan 21, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin | Moderate | CVE-2022-20614 was published for org.jenkins-ci.plugins:mailer (Maven) | Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin | Moderate | CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials-binding (Maven) | Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin | Moderate | CVE-2022-20618 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) | Jan 13, 2022
Incorrect permissions in Apache Ozone | Moderate | CVE-2021-39235 was published for org.apache.ozone:ozone-main (Maven) | Nov 23, 2021
Exposure of sensitive information in Elasticsearch | Moderate | CVE-2021-22147 was published for org.elasticsearch:elasticsearch (Maven) | Sep 20, 2021
Beego has a file creation race condition | Moderate | CVE-2019-16354 was published for github.com/astaxie/beego (Go) | Aug 2, 2021
Archive package allows chmod of file outside of unpack target directory | Moderate | CVE-2021-32760 was published for github.com/containerd/containerd (Go) | Jul 26, 2021
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul | Moderate | CVE-2020-12797 was published for github.com/hashicorp/consul (Go) | Jun 23, 2021
Cache Manipulation Attack in Apache Traffic Control | Moderate | CVE-2020-17522 was published for github.com/apache/trafficcontrol (Go) | Jun 18, 2021
Permissions bypass in KubeVirt | Moderate | CVE-2020-1701 was published for kubevirt.io/kubevirt (Go) | Jun 1, 2021
Local information disclosure via system temporary directory | Moderate | CVE-2021-28168 was published for org.glassfish.jersey.core:jersey-common (Maven) | Apr 23, 2021
Incorrect permission enforcement in UmbracoCms | Moderate | CVE-2020-29454 was published for UmbracoCms (NuGet) | Apr 13, 2021
Mautic vulnerable to secret data exfiltration via symfony parameters | Moderate | CVE-2021-27908 was published for mautic/core (Composer) | Apr 6, 2021