GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
snapd failed to restrict writes to the $HOME/bin path
Moderate
CVE-2024-1724
was published
for
github.com/snapcore/snapd
(Go)
Jul 25, 2024
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
Moderate
CVE-2022-24769
was published
for
github.com/docker/docker
(Go)
Apr 22, 2024
Spring Security's spring-security.xsd file is world writable
Moderate
CVE-2023-34042
was published
for
org.springframework.security:spring-security-config
(Maven)
Feb 6, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Moderate
CVE-2021-41091
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Privilege Escalation in HashiCorp Consul
Moderate
CVE-2020-28053
was published
for
github.com/hashicorp/consul
(Go)
Jan 31, 2024
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Moderate
CVE-2023-48714
was published
for
silverstripe/framework
(Composer)
Jan 23, 2024
xxl-job-admin vulnerable to Insecure Permissions
Moderate
CVE-2023-48087
was published
for
com.xuxueli:xxl-job-admin
(Maven)
Nov 15, 2023
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
Moderate
CVE-2023-35147
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Jun 14, 2023
Jenkins Tag Profiler Plugin missing permission check
Moderate
CVE-2023-33004
was published
for
org.jenkins-ci.plugins:tag-profiler
(Maven)
May 16, 2023
Jenkins Email Extension Plugin missing permission check
Moderate
CVE-2023-32979
was published
for
org.jenkins-ci.plugins:email-ext
(Maven)
May 16, 2023
Jenkins Azure VM Agents Plugin missing permission checks
Moderate
CVE-2023-32990
was published
for
org.jenkins-ci.plugins:azure-vm-agents
(Maven)
May 16, 2023
CubeFS allows Kubernetes cluster-level privilege escalation
Moderate
CVE-2023-30512
was published
for
github.com/cubefs/cubefs
(Go)
Apr 12, 2023
Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
Moderate
CVE-2023-27096
was published
for
cn.hippo4j:hippo4j-all
(Maven)
Mar 27, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3101
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3146
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
Exposure of Sensitive Information in OpenGoofy Hippo4j
Moderate
CVE-2023-27095
was published
for
cn.hippo4j:hippo4j-core
(Maven)
Mar 16, 2023
SilverStripe Subsite weakens file permissions
Moderate
CVE-2022-42949
was published
for
silverstripe/subsites
(Composer)
Dec 19, 2022
Bytebase does not restrict low privilege user to access admin issues
Moderate
CVE-2022-32169
was published
for
github.com/bytebase/bytebase
(Go)
Sep 29, 2022
Gitea allowed assignment of private issues
Moderate
CVE-2022-38183
was published
for
code.gitea.io/gitea
(Go)
Aug 13, 2022
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
Moderate
CVE-2022-34112
was published
for
io.dataease:dataease-plugin-common
(Maven)
Jul 23, 2022
Missing Authorization in Apache Archiva
Moderate
CVE-2022-29405
was published
for
org.apache.archiva:archiva
(Maven)
May 26, 2022
NuGet Package Manager Tampering Vulnerability
Moderate
CVE-2019-0976
was published
for
NuGet.Commands
(NuGet)
May 24, 2022
SaltStack Salt Allows creating certificates with weak file permissions
Moderate
CVE-2020-17490
was published
for
salt
(pip)
May 24, 2022
Publify has Improper Access Controls
Moderate
CVE-2022-1810
was published
for
publify_core
(RubyGems)
May 24, 2022
Phusion Passenger incorrect permission assignment
Moderate
CVE-2018-12615
was published
for
passenger
(RubyGems)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API