GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
72 advisories
Filter by severity
KubePi may allow unauthorized access to system API
High
CVE-2023-22478
was published
for
github.com/KubeOperator/kubepi
(Go)
Jan 9, 2023
pgadmin4 vulnerable to Code Injection
High
CVE-2022-4223
was published
for
pgadmin4
(pip)
Dec 13, 2022
Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
High
CVE-2022-41930
was published
for
org.xwiki.platform:xwiki-platform-user-profile-ui
(Maven)
Nov 21, 2022
Missing Authorization in HashiCorp Consul
High
CVE-2022-3920
was published
for
github.com/hashicorp/consul
(Go)
Nov 16, 2022
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user
High
CVE-2022-40308
was published
for
org.apache.archiva:archiva-common
(Maven)
Nov 15, 2022
HashiCorp Consul does not properly validate node or segment names prior to usage in JWT claim assertions
High
CVE-2021-41803
was published
for
github.com/hashicorp/consul
(Go)
Sep 25, 2022
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
High
CVE-2022-31167
was published
for
org.xwiki.platform:xwiki-platform-security
(Maven)
Sep 20, 2022
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor
High
CVE-2022-36091
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
Apache IoTDB grafana-connector contains an interface without authorization
High
CVE-2022-38370
was published
for
org.apache.iotdb:iotdb-grafana-connector
(Maven)
Sep 6, 2022
Missing permission check in Coverity Plugin allows capturing credentials
High
CVE-2022-36921
was published
for
org.jenkins-ci.plugins:coverity
(Maven)
Jul 28, 2022
Missing Authorization in Jenkins Recipe Plugin
High
CVE-2022-34794
was published
for
org.jenkins-ci.plugins:recipe
(Maven)
Jul 1, 2022
Improper handling of untrusted branches in Gitea Jenkins Plugin
High
CVE-2019-10330
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
May 24, 2022
Moodle incorrect access control
High
CVE-2020-25629
was published
for
moodle/moodle
(Composer)
May 24, 2022
Missing permission checks in Jenkins Chaos Monkey Plugin
High
CVE-2020-2322
was published
for
io.jenkins.plugins:chaos-monkey
(Maven)
May 24, 2022
Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials
High
CVE-2020-2234
was published
for
org.jenkins-ci.plugins:pipeline-maven
(Maven)
May 24, 2022
Jenkins Team Concert Plugin missing permission check
High
CVE-2019-16566
was published
for
org.jenkins-ci.plugins:teamconcert
(Maven)
May 24, 2022
Jenkins Ansible Tower Plugin missing permission check
High
CVE-2019-10311
was published
for
org.jenkins-ci.plugins:ansible-tower
(Maven)
May 24, 2022
Jenkins GitLab Plugin missing permission checks
High
CVE-2019-10301
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
May 24, 2022
Regular expression denial of service in Apache ShenYu
High
CVE-2022-26650
was published
for
org.apache.shenyu:shenyu
(Maven)
May 18, 2022
Missing Authorization in Jenkins SSH plugin
High
CVE-2022-30959
was published
for
org.jenkins-ci.plugins:ssh
(Maven)
May 18, 2022
Apache Sentry may allow attacker to access/remove data from Sentry protected table
High
CVE-2018-8028
was published
for
org.apache.sentry:sentry
(Maven)
May 13, 2022
Dolibarr arbitrary commands execution
High
CVE-2018-10092
was published
for
dolibarr/dolibarr
(Composer)
May 13, 2022
Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings
High
CVE-2017-1000086
was published
for
org.jenkins-ci.plugins:periodicbackup
(Maven)
May 13, 2022
Jenkins Groovy Plugin sandbox bypass vulnerability
High
CVE-2019-1003006
was published
for
org.jenkins-ci.plugins:groovy
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API