GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials
High
CVE-2020-2117
was published
for
org.jenkins-ci.plugins:pipeline-githubnotify-step
(Maven)
May 24, 2022
Missing permission checks in Jenkins Sounds Plugin allow OS command execution
High
CVE-2020-2097
was published
for
org.jenkins-ci.plugins:sounds
(Maven)
May 24, 2022
Moodle all messaging conversations could be viewed
High
CVE-2019-10154
was published
for
moodle/moodle
(Composer)
May 24, 2022
Improper Authorization in Apache Xalan-Java
High
CVE-2014-0107
was published
for
xalan:xalan
(Maven)
May 13, 2022
Improper Authorization in Jenkins Core
High
CVE-2019-1003004
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Authorization in Jenkins Core
High
CVE-2019-1003003
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Write access to the catalog for any user when restricted-admin role is enabled in Rancher
High
CVE-2021-4200
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
go.etcd.io/etcd Authentication Bypass
High
CVE-2018-16886
was published
for
go.etcd.io/etcd
(Go)
Apr 12, 2022
Duplicate Advisory: Improper Authorization in Gogs
High
GHSA-65f3-3278-7m65
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
•
withdrawn
Improper Authorization in librenms
High
CVE-2022-0587
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Arbitrary Code Execution
High
CVE-2014-9357
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Reject unauthorized access with GitHub PATs
High
CVE-2021-21432
was published
for
github.com/go-vela/server
(Go)
Feb 15, 2022
Information Exposure in Docker Engine
High
CVE-2015-3630
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
XWiki users registered with email verification can self re-activate their disabled accounts
High
CVE-2021-32620
was published
for
org.xwiki.commons:xwiki-commons-core
(Maven)
May 18, 2021
Dynamic modification of RPyC service due to missing security check
High
CVE-2019-16328
was published
for
rpyc
(pip)
Feb 17, 2021
Improper Authorization in @sap-cloud-sdk/core
High
GHSA-r2vw-jgq9-jqx2
was published
for
@sap-cloud-sdk/core
(npm)
Sep 3, 2020
Improper Authorization in googleapis
High
GHSA-7543-mr7h-6v86
was published
for
googleapis
(npm)
Sep 2, 2020
Improper Authorization in loopback
High
GHSA-8wgc-jjvv-cv6v
was published
for
loopback
(npm)
Sep 2, 2020
Privilege escalation in Presto
High
CVE-2020-15087
was published
for
io.prestosql:presto-server
(Maven)
Jun 30, 2020
Authorization bypass in express-jwt
High
CVE-2020-15084
was published
for
express-jwt
(npm)
Jun 30, 2020
Read permissions not enforced for client provided filter expressions in Elide.
High
CVE-2020-5289
was published
for
com.yahoo.elide:elide-core
(Maven)
Mar 30, 2020
Firewall configured with unanimous strategy was not actually unanimous in Symfony
High
CVE-2020-5275
was published
for
symfony/security
(Composer)
Mar 30, 2020
2FA bypass through deleting devices in wagtail-2fa
High
CVE-2020-5240
was published
for
wagtail-2fa
(pip)
Mar 13, 2020
Information disclosure in parse-server
High
CVE-2020-5251
was published
for
parse-server
(npm)
Mar 4, 2020
ProTip!
Advisories are also available from the
GraphQL API