GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
56 advisories
Filter by severity
Grafana information disclosure
Moderate
CVE-2020-12458
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana world readable configuration files
Moderate
CVE-2020-12459
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Publify has Improper Access Controls
Moderate
CVE-2022-1810
was published
for
publify_core
(RubyGems)
May 24, 2022
Phusion Passenger incorrect permission assignment
Moderate
CVE-2018-12615
was published
for
passenger
(RubyGems)
May 13, 2022
Drupal access bypass vulnerability
Moderate
CVE-2017-6928
was published
for
drupal/core
(Composer)
May 13, 2022
Opencast has Incorrect Permission Assignment
Moderate
CVE-2017-1000221
was published
for
org.opencastproject:opencast-kernel
(Maven)
May 13, 2022
Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin
Moderate
CVE-2017-1000095
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins
Moderate
CVE-2017-2612
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Bolt Improper Access Control
Moderate
CVE-2017-16754
was published
for
bolt/bolt
(Composer)
May 13, 2022
Missing permission check in Jenkins JiraTestResultReporter Plugin
Moderate
CVE-2022-28137
was published
for
org.jenkins-ci.plugins:JiraTestResultReporter
(Maven)
Mar 30, 2022
Kubernetes Unsafe Cacheing
Moderate
CVE-2019-11244
was published
for
k8s.io/client-go
(Go)
Feb 15, 2022
Incorrect Permission Assignment for Critical Resource in CRI-O
Moderate
CVE-2022-0532
was published
for
github.com/cri-o/cri-o
(Go)
Feb 11, 2022
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak
Moderate
CVE-2020-1694
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Microweber Incorrect Permission Assignment for Critical Resource vulnerability
Moderate
CVE-2022-0277
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin
Moderate
CVE-2022-20614
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Moderate
CVE-2022-20618
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
Incorrect permissions in Apache Ozone
Moderate
CVE-2021-39235
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Exposure of sensitive information in Elasticsearch
Moderate
CVE-2021-22147
was published
for
org.elasticsearch:elasticsearch
(Maven)
Sep 20, 2021
Beego has a file creation race condition
Moderate
CVE-2019-16354
was published
for
github.com/astaxie/beego
(Go)
Aug 2, 2021
Archive package allows chmod of file outside of unpack target directory
Moderate
CVE-2021-32760
was published
for
github.com/containerd/containerd
(Go)
Jul 26, 2021
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul
Moderate
CVE-2020-12797
was published
for
github.com/hashicorp/consul
(Go)
Jun 23, 2021
Cache Manipulation Attack in Apache Traffic Control
Moderate
CVE-2020-17522
was published
for
github.com/apache/trafficcontrol
(Go)
Jun 18, 2021
Permissions bypass in KubeVirt
Moderate
CVE-2020-1701
was published
for
kubevirt.io/kubevirt
(Go)
Jun 1, 2021
Local information disclosure via system temporary directory
Moderate
CVE-2021-28168
was published
for
org.glassfish.jersey.core:jersey-common
(Maven)
Apr 23, 2021
ProTip!
Advisories are also available from the
GraphQL API