GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
68 advisories
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper
High
CVE-2020-10187
was published
for
doorkeeper
(RubyGems)
May 7, 2020
Privilege Escalation in Channelmgnt plug-in for Sopel
High
CVE-2020-15251
was published
for
sopel_plugins.channelmgnt
(pip)
Oct 13, 2020
Missing authentication in ShenYu
High
CVE-2022-23945
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
Reject unauthorized access with GitHub PATs
High
CVE-2021-21432
was published
for
github.com/go-vela/server
(Go)
Feb 15, 2022
Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE
High
CVE-2022-25208
was published
for
org.jenkins-ci.plugins:sinatra-chef-builder
(Maven)
Feb 16, 2022
Missing Authorization in Jenkins dbCharts Plugin
High
CVE-2022-25206
was published
for
org.jenkins-ci.plugins:dbCharts
(Maven)
Feb 16, 2022
Missing permission check in Jenkins SCP publisher Plugin
High
CVE-2022-25199
was published
for
org.jenkins-ci.plugins:scp
(Maven)
Feb 16, 2022
Gogs vulnerable to improper PAM authorization handling
High
CVE-2022-0871
was published
for
gogs.io/gogs
(Go)
Mar 14, 2022
CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials
High
CVE-2022-27211
was published
for
org.jenkins-ci.plugins:kubernetes-cd
(Maven)
Mar 16, 2022
ProTip!
Advisories are also available from the
GraphQL API