GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
72 advisories
Filter by severity
Apache IoTDB grafana-connector contains an interface without authorization
High
CVE-2022-38370
was published
for
org.apache.iotdb:iotdb-grafana-connector
(Maven)
Sep 6, 2022
Apache Airflow: Bypass permission verification to read code of other dags
High
CVE-2023-50944
was published
for
apache-airflow
(pip)
Jan 24, 2024
Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin
High
CVE-2024-52554
was published
for
io.jenkins.plugins:shared-library-version-override
(Maven)
Nov 13, 2024
Erroneous authentication pass in Spring Security
High
CVE-2024-22257
was published
for
org.springframework.security:spring-security-core
(Maven)
Mar 18, 2024
Synapse does not apply enough checks to servers requesting auth events of events in a room
High
CVE-2022-39335
was published
for
matrix-synapse
(pip)
May 24, 2023
Snipe-IT allows users to promote or demote themselves or other users
High
CVE-2024-5685
was published
for
snipe/snipe-it
(Composer)
Jun 14, 2024
Authorization bypass in Quarkus
High
CVE-2023-6394
was published
for
io.quarkus:quarkus-smallrye-graphql-client
(Maven)
Dec 9, 2023
Dolibarr arbitrary commands execution
High
CVE-2018-10092
was published
for
dolibarr/dolibarr
(Composer)
May 13, 2022
Ant Media Server vulnerable to a local privilege escalation
High
CVE-2024-32656
was published
for
io.antmedia:ant-media-server
(Maven)
Apr 22, 2024
HashiCorp Consul does not properly validate node or segment names prior to usage in JWT claim assertions
High
CVE-2021-41803
was published
for
github.com/hashicorp/consul
(Go)
Sep 25, 2022
Disabled permissions granted by Jenkins Assembla Auth Plugin
High
CVE-2023-41945
was published
for
org.jenkins-ci.plugins:assembla-auth
(Maven)
Sep 6, 2023
Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings
High
CVE-2017-1000086
was published
for
org.jenkins-ci.plugins:periodicbackup
(Maven)
May 13, 2022
Jenkins Groovy Plugin sandbox bypass vulnerability
High
CVE-2019-1003006
was published
for
org.jenkins-ci.plugins:groovy
(Maven)
May 13, 2022
Jenkins Nexus Platform Plugin missing permission check
High
CVE-2023-50767
was published
for
org.sonatype.nexus.ci:nexus-jenkins-plugin
(Maven)
Dec 13, 2023
Jenkins GitLab Plugin missing permission checks
High
CVE-2019-10301
was published
for
org.jenkins-ci.plugins:gitlab-plugin
(Maven)
May 24, 2022
Jenkins MATLAB Plugin missing permission checks
High
CVE-2023-49654
was published
for
org.jenkins-ci.plugins:matlab
(Maven)
Nov 29, 2023
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
High
CVE-2021-39236
was published
for
org.apache.hadoop:hadoop-ozone-ozone-manager
(Maven)
Nov 23, 2021
Improper handling of untrusted branches in Gitea Jenkins Plugin
High
CVE-2019-10330
was published
for
org.jenkins-ci.plugins:gitea
(Maven)
May 24, 2022
Authenticated Rundeck users can view or delete jobs they do not have authorization for.
High
CVE-2023-48222
was published
for
org.rundeck:rundeck
(Maven)
Nov 16, 2023
Incorrect Authorization in Apache Ozone
High
CVE-2021-39232
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
1Panel arbitrary file write vulnerability
High
CVE-2023-39966
was published
for
github.com/1Panel-dev/1Panel
(Go)
Aug 10, 2023
org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move
High
CVE-2023-37910
was published
for
org.xwiki.platform:xwiki-platform-attachment-api
(Maven)
Oct 25, 2023
Answer Missing Authorization vulnerability
High
CVE-2023-4124
was published
for
github.com/answerdev/answer
(Go)
Aug 3, 2023
ProTip!
Advisories are also available from the
GraphQL API