GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,152
Maven
5,000+
npm
3,816
NuGet
692
pip
3,492
Pub
12
RubyGems
902
Rust
900
Swift
38
Unreviewed advisories
All unreviewed
5,000+
62 advisories
Filter by severity
Moodle Incorrect Default Settings
Moderate
CVE-2011-4285
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle default permissions too permissive
Moderate
CVE-2012-1157
was published
for
moodle/moodle
(Composer)
Apr 23, 2022
Incorrect Default Permissions in CRI-O
Moderate
CVE-2022-27652
was published
for
github.com/cri-o/cri-o
(Go)
Apr 22, 2022
Non-empty default inheritable capabilities for linux container in Buildah
Moderate
CVE-2022-27651
was published
for
github.com/containers/buildah
(Go)
Apr 1, 2022
Missing permission checks in AWS Credentials Plugin
Moderate
CVE-2022-27199
was published
for
org.jenkins-ci.plugins:aws-credentials
(Maven)
Mar 16, 2022
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
Moderate
CVE-2022-27205
was published
for
org.jenkins-ci.plugins:extended-choice-parameter
(Maven)
Mar 16, 2022
User login denial of service in github.com/google/fscrypt
Moderate
CVE-2022-25327
was published
for
github.com/google/fscrypt
(Go)
Feb 26, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it
Moderate
CVE-2022-0179
was published
for
snipe/snipe-it
(Composer)
Jan 21, 2022
Incorrect Default Permissions in log4js
Moderate
CVE-2022-21704
was published
for
log4js
(npm)
Jan 21, 2022
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system
Moderate
CVE-2021-3917
was published
for
coreos-installer
(Rust)
Nov 8, 2021
Django Incorrect Default Permissions
Moderate
CVE-2020-24584
was published
for
django
(pip)
Mar 18, 2021
Information disclosure in the Contao backend
Moderate
CVE-2019-19712
was published
for
contao/contao
(Composer)
Dec 17, 2019
ProTip!
Advisories are also available from the
GraphQL API