Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

59 advisories

Loading
OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection Critical
CVE-2017-11467 was published for com.orientechnologies:orientdb-core (Maven) Oct 18, 2018
yoshizawa-masatoshi
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2 High
CVE-2018-15758 was published for org.springframework.security.oauth:spring-security-oauth2 (Maven) Oct 19, 2018
MarkLee131
Improper Privilege Management in Apache Karaf High
CVE-2018-11786 was published for org.apache.karaf:apache-karaf (Maven) Dec 21, 2018
Improper Privilege Management in org.apache.hadoop:hadoop-main High
CVE-2018-11767 was published for org.apache.hadoop:hadoop-main (Maven) Mar 25, 2019
Improper Privilege Management in Tomcat Critical
CVE-2020-1938 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 15, 2020
Privilege Context Switching Error in Elasticsearch Low
CVE-2020-7020 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Privilege Escalation Flaw in Elasticsearch Moderate
CVE-2020-7014 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Privilege escalation in spring security High
CVE-2021-22112 was published for org.springframework.security:spring-security-bom (Maven) May 10, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator Critical
CVE-2021-21428 was published for org.openapitools:openapi-generator-online (Maven) May 11, 2021
JLLeitschuh
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code Moderate
CVE-2021-21430 was published for org.openapitools:openapi-generator (Maven) May 11, 2021
JLLeitschuh
Improper privilege management in Keycloak High
CVE-2020-14389 was published for org.keycloak:keycloak-core (Maven) Nov 10, 2021
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials Moderate
CVE-2022-23117 was published for org.conjur.jenkins:conjur-credentials (Maven) Jan 13, 2022
NotMyFault
Improper Privilege Management in Apache Hadoop High
CVE-2020-9492 was published for org.apache.hadoop:hadoop-common (Maven) Feb 9, 2022
Improper Access Control in infinispan-server-runtime Moderate
CVE-2020-25711 was published for org.infinispan:infinispan-core (Maven) Feb 9, 2022
Elasticsearch privilege escalation Moderate
CVE-2022-23708 was published for org.elasticsearch:elasticsearch (Maven) Mar 4, 2022
PostgreSQL PL/Java Improper Privilege Management Moderate
CVE-2016-0767 was published for postgresql:pljava-public (Maven) May 13, 2022
Cloud Foundry UAA privilege escalation with user invitations Critical
CVE-2017-4992 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry UAA Privilege Escalation High
CVE-2017-4973 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry UAA password reset vulnerability High
CVE-2017-4991 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry UAA Identity Zone Admin Privilege Escalation Moderate
CVE-2017-8032 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Improper Privilege Management in X-Pack Moderate
CVE-2017-8446 was published for org.elasticsearch.plugin:x-pack (Maven) May 13, 2022
Improper Privilege Management in Jenkins Config File Provider Plugin Moderate
CVE-2017-1000104 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 13, 2022
Improper Privilege Management in Jenkins High
CVE-2018-1000865 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass High
CVE-2018-1000866 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API