GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

10 advisories

Apache Hadoop allows local user to gain root privileges High
CVE-2023-26031 was published for org.apache.hadoop:hadoop-yarn-project (Maven) Nov 16, 2023
vulnerability-analyst anonymous-nlp-student
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions Moderate
CVE-2022-36109 was published for github.com/docker/docker (Go) Sep 16, 2022
sjmurdoch neersighted anonymous-nlp-student
Missing Authorization in Jenkins Blue Ocean Plugin Moderate
CVE-2017-1000105 was published for io.jenkins.blueocean:blueocean (Maven) May 13, 2022
anonymous-nlp-student
Flarum's logout Route allows open redirects Moderate
CVE-2024-21641 was published for flarum/core (Composer) Jan 5, 2024
imorland DavideIadeluca anonymous-nlp-student
1Panel set-cookie is missing the Secure keyword Low
CVE-2024-24768 was published for github.com/1Panel-dev/1Panel (Go) Feb 5, 2024
anonymous-nlp-student
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service High
CVE-2020-25614 was published for github.com/antchfx/xmlquery (Go) Oct 7, 2022
anonymous-nlp-student
XWiki users registered with email verification can self re-activate their disabled accounts High
CVE-2021-32620 was published for org.xwiki.commons:xwiki-commons-core (Maven) May 18, 2021
anonymous-nlp-student
Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui Critical
CVE-2022-41930 was published for org.xwiki.platform:xwiki-platform-user-profile-ui (Maven) Nov 21, 2022
anonymous-nlp-student
Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file Moderate
CVE-2024-25710 was published for org.apache.commons:commons-compress (Maven) Feb 19, 2024
oscerd anonymous-nlp-student
Missing permission checks in Jenkins Chaos Monkey Plugin High
CVE-2020-2322 was published for io.jenkins.plugins:chaos-monkey (Maven) May 24, 2022
NotMyFault anonymous-nlp-student
ProTip! Advisories are also available from the GraphQL API