GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

48 advisories

High severity vulnerability that affects mercurial High
CVE-2017-9462 was published for mercurial (pip) Jul 13, 2018
Doorkeeper subject to Incorrect Permission Assignment High
CVE-2018-1000211 was published for doorkeeper (RubyGems) Aug 13, 2018
Paramiko Authentication Bypass vulnerability High
CVE-2018-1000805 was published for paramiko (pip) Oct 10, 2018
High severity vulnerability that affects org.scala-lang:scala-compiler High
CVE-2017-15288 was published for org.scala-lang:scala-compiler (Maven) Oct 19, 2018
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource High
CVE-2019-18409 was published for ruby_parser-legacy (RubyGems) Oct 25, 2019
Insecure permissions on build temporary rootfs in Singularity High
CVE-2020-25040 was published for github.com/sylabs/singularity (Go) May 24, 2021
dtrudg tri-adam
Code injection in Apache Druid High
CVE-2021-25646 was published for org.apache.druid:druid (Maven) Jun 16, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions. High
CVE-2021-38557 was published for billz/raspap-webgui (Composer) Sep 2, 2021
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
Insecure Inherited Permissions in neoan3-apps/template High
CVE-2021-41170 was published for neoan3-apps/template (Composer) Nov 10, 2021
Incorrect Permission Assignment for Critical Resource in Singularity High
CVE-2019-11328 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity High
CVE-2020-25039 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
xman
Improper privilege handling in Apache Accumulo High
CVE-2020-17533 was published for org.apache.accumulo:accumulo-master (Maven) Feb 9, 2022
SaltStack Salt Permissions Bypass High
CVE-2022-22941 was published for salt (pip) Mar 30, 2022
Improper Access Control in Shopware High
CVE-2022-24872 was published for shopware/core (Composer) Apr 22, 2022
NilsEvers
Statamic framework Incorrect Permission Assignment High
CVE-2017-11422 was published for statamic/cms (Composer) May 13, 2022
Podman Elevated Container Privileges High
CVE-2018-10856 was published for github.com/containers/podman (Go) May 13, 2022
andrewpollock
Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline High
CVE-2017-1000096 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
Arbitrary code execution vulnerability in Jenkins Speaks! Plugin High
CVE-2017-1000403 was published for org.jvnet.hudson.plugins:speaks (Maven) May 13, 2022
Jerome Gamez Firebase Admin SDK for PHP Incorrect Access Control vulnerability High
CVE-2018-1000025 was published for kreait/firebase-php (Composer) May 13, 2022
LightSAML Incorrect Access Control vulnerability High
CVE-2018-1000165 was published for lightsaml/lightsaml (Composer) May 13, 2022
MODX Revolution Incorrect Access Control vulnerability High
CVE-2018-1000207 was published for modx/revolution (Composer) May 13, 2022
Incorrect Access Control in Phusion Passenger High
CVE-2018-12028 was published for passenger (RubyGems) May 13, 2022
express-cart allows any user to create an admin user High
CVE-2018-12457 was published for express-cart (npm) May 13, 2022
Froxlor Incorrect Access Control High
CVE-2018-12642 was published for froxlor/froxlor (Composer) May 13, 2022