GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,044
Maven
5,000+
npm
3,736
NuGet
663
pip
3,414
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
Incorrect Default Permissions in Beego
Moderate
CVE-2019-16355
was published
for
github.com/astaxie/beego
(Go)
May 24, 2022
Drupal Core Access bypass vulnerability
Moderate
CVE-2020-13667
was published
for
drupal/core
(Composer)
May 24, 2022
Incorrect Default Permissions in JetBrains Kotlin
Moderate
CVE-2020-29582
was published
for
org.jetbrains.kotlin:kotlin-stdlib
(Maven)
May 24, 2022
Default inheritable capabilities for linux container should be empty
Moderate
CVE-2022-29162
was published
for
github.com/opencontainers/runc
(Go)
May 24, 2022
Magento incorrect permissions vulnerability in the Integrations component
Moderate
CVE-2020-24402
was published
for
magento/community-edition
(Composer)
May 24, 2022
Silverstripe has Incorrect Default Permissions
Moderate
CVE-2020-6165
was published
for
silverstripe/graphql
(Composer)
May 24, 2022
Dolibarr Stored Cross-site Scripting
Moderate
CVE-2020-13240
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Improper permission checks in Jenkins Copy Artifact Plugin
Moderate
CVE-2020-2183
was published
for
org.jenkins-ci.plugins:copyartifact
(Maven)
May 24, 2022
Jenkins WebSphere Deployer Plugin missing permission check
Moderate
CVE-2019-16559
was published
for
org.jenkins-ci.plugins:websphere-deployer
(Maven)
May 24, 2022
Missing permission check in Jenkins Build Failure Analyzer Plugin
Moderate
CVE-2019-16554
was published
for
com.sonyericsson.jenkins.plugins.bfa:build-failure-analyzer
(Maven)
May 24, 2022
Missing permission check in Jenkins Gerrit Trigger Plugin
Moderate
CVE-2019-16552
was published
for
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
(Maven)
May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions
Moderate
CVE-2019-10472
was published
for
org.jenkins-ci.plugins:libvirt-slave
(Maven)
May 24, 2022
Jenkins Global Post Script Plugin missing permission check
Moderate
CVE-2019-10474
was published
for
org.jenkins-ci.plugins:global-post-script
(Maven)
May 24, 2022
Jenkins Dynatrace Plugin contains Incorrect Default Permissions
Moderate
CVE-2019-10463
was published
for
org.jenkins-ci.plugins:dynatrace-dashboard
(Maven)
May 24, 2022
Jenkins Deploy WebLogic Plugin missing permission check
Moderate
CVE-2019-10465
was published
for
org.jenkins-ci.plugins:weblogic-deployer-plugin
(Maven)
May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration
Moderate
CVE-2019-10470
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration
Moderate
CVE-2019-10473
was published
for
org.jenkins-ci.plugins:libvirt-slave
(Maven)
May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization
Moderate
CVE-2019-10469
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
Parameterized Trigger Plugin fails to check Item/Build permission
Moderate
CVE-2017-1000084
was published
for
org.jenkins-ci.plugins:parameterized-trigger
(Maven)
May 13, 2022
Jenkins Build Step Plugin fails to check Item/Build permission
Moderate
CVE-2017-1000089
was published
for
org.jenkins-ci.plugins:pipeline-build-step
(Maven)
May 13, 2022
Moodle Incorrect Default Settings
Moderate
CVE-2011-4285
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle default permissions too permissive
Moderate
CVE-2012-1157
was published
for
moodle/moodle
(Composer)
Apr 23, 2022
Incorrect Default Permissions in CRI-O
Moderate
CVE-2022-27652
was published
for
github.com/cri-o/cri-o
(Go)
Apr 22, 2022
Non-empty default inheritable capabilities for linux container in Buildah
Moderate
CVE-2022-27651
was published
for
github.com/containers/buildah
(Go)
Apr 1, 2022
Missing permission checks in AWS Credentials Plugin
Moderate
CVE-2022-27199
was published
for
org.jenkins-ci.plugins:aws-credentials
(Maven)
Mar 16, 2022
ProTip!
Advisories are also available from the
GraphQL API