GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
123 advisories
Filter by severity
Jenkins Azure VM Agents Plugin missing permission checks
Moderate
CVE-2023-32990
was published
for
org.jenkins-ci.plugins:azure-vm-agents
(Maven)
May 16, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
High
CVE-2023-32992
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
Planet's secret file is created with excessive permissions
Moderate
CVE-2023-32303
was published
for
planet
(pip)
May 12, 2023
Apache Ranger Hive Plugin missing permissions check
High
CVE-2021-40331
was published
for
org.apache.ranger:ranger-hive-plugin
(Maven)
May 5, 2023
CubeFS allows Kubernetes cluster-level privilege escalation
Moderate
CVE-2023-30512
was published
for
github.com/cubefs/cubefs
(Go)
Apr 12, 2023
Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
Moderate
CVE-2023-27096
was published
for
cn.hippo4j:hippo4j-all
(Maven)
Mar 27, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3101
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3146
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
Exposure of Sensitive Information in OpenGoofy Hippo4j
Moderate
CVE-2023-27095
was published
for
cn.hippo4j:hippo4j-core
(Maven)
Mar 16, 2023
Azure/setup-kubectl: Escalation of privilege vulnerability for v3 and lower
Low
CVE-2023-23939
was published
for
Azure/setup-kubectl
(GitHub Actions)
Mar 7, 2023
Insecure Permissions issue in jeecg-boot
High
CVE-2021-37305
was published
for
org.jeecgframework.boot:jeecg-boot-base
(Maven)
Feb 3, 2023
Insecure Permissions issue in jeecg-boot
High
CVE-2021-37304
was published
for
org.jeecgframework.boot:jeecg-boot-base
(Maven)
Feb 3, 2023
Insecure Permissions issue in jeecg-boot
High
CVE-2021-37306
was published
for
org.jeecgframework.boot:jeecg-boot-base
(Maven)
Feb 3, 2023
SilverStripe Subsite weakens file permissions
Moderate
CVE-2022-42949
was published
for
silverstripe/subsites
(Composer)
Dec 19, 2022
Codeigniter4's Secure or HttpOnly flag set in Config\Cookie is not reflected in Cookies issued
Low
CVE-2022-39284
was published
for
codeigniter4/framework
(Composer)
Oct 6, 2022
Bytebase does not restrict low privilege user to access admin issues
Moderate
CVE-2022-32169
was published
for
github.com/bytebase/bytebase
(Go)
Sep 29, 2022
Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication
High
CVE-2022-39219
was published
for
github.com/brokercap/Bifrost
(Go)
Sep 27, 2022
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
High
CVE-2022-2995
was published
for
github.com/cri-o/cri-o
(Go)
Sep 20, 2022
Talos worker join token can be used to get elevated access level to the Talos API
High
CVE-2022-36103
was published
for
github.com/talos-systems/talos
(Go)
Sep 16, 2022
Apache ShenYu Admin has insecure permissions
High
CVE-2022-37435
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Sep 2, 2022
Gitea allowed assignment of private issues
Moderate
CVE-2022-38183
was published
for
code.gitea.io/gitea
(Go)
Aug 13, 2022
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
Moderate
CVE-2022-34112
was published
for
io.dataease:dataease-plugin-common
(Maven)
Jul 23, 2022
Missing Authorization in Apache Archiva
Moderate
CVE-2022-29405
was published
for
org.apache.archiva:archiva
(Maven)
May 26, 2022
NuGet Package Manager Tampering Vulnerability
Moderate
CVE-2019-0976
was published
for
NuGet.Commands
(NuGet)
May 24, 2022
Moodle command execution vulnerability exists in the default legacy spellchecker plugin
Critical
CVE-2021-21809
was published
for
moodle/moodle
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API