Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,386
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,480
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

145 advisories

Loading
Improper authorization of users and groups with the same base name in Jenkins GitLab Authentication Plugin High
CVE-2020-2228 was published for org.jenkins-ci.plugins:gitlab-oauth (Maven) May 24, 2022
NotMyFault
Magento authorization bypass vulnerability High
CVE-2020-9587 was published for magento/community-edition (Composer) May 24, 2022
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID High
CVE-2020-12691 was published for keystone (pip) May 24, 2022
Incorrect Authorization in Dolibarr High
CVE-2020-12669 was published for dolibarr/dolibarr (Composer) May 24, 2022
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2134 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Sandbox bypass vulnerability in Script Security Plugin High
CVE-2020-2135 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
NotMyFault
Incorrect Authorization in Jenkins Script Security Plugin High
CVE-2019-16538 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
Keycloak Unauthenticated Access High
CVE-2019-14832 was published for org.keycloak:keycloak-model-infinispan (Maven) May 24, 2022
Kubernetes kube-apiserver unauthorized access High
CVE-2019-11247 was published for k8s.io/apiextensions-apiserver (Go) May 24, 2022
phpBB 3.0.7 allows remote attackers to bypass intended access restrictions High
CVE-2010-1627 was published for phpbb/phpbb (Composer) May 17, 2022
Rudloff
Arbitrary file overwrite in OpenStack Nova High
CVE-2012-3447 was published for nova (pip) May 17, 2022
OpenStack Keystone Insufficient token expiration High
CVE-2012-5563 was published for keystone (pip) May 17, 2022
Cloud Foundry UAA accepts refresh token as access token on admin endpoints High
CVE-2018-11047 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Jenkins Black Duck Hub Plugin allowed any user with Overall/Read to read and write its configuration High
CVE-2018-1000197 was published for com.blackducksoftware.integration:blackduck-hub (Maven) May 13, 2022
Drupal editor module incorrectly checks access to inline private files High
CVE-2017-6377 was published for drupal/core (Composer) May 13, 2022
Jenkins HipChat Plugin allows credential capture due to incorrect authorization High
CVE-2018-1000418 was published for org.jvnet.hudson.plugins:hipchat (Maven) May 13, 2022
Apache Geode vulnerable to Incorrect Authorization High
CVE-2017-15695 was published for org.apache.geode:geode-core (Maven) May 13, 2022
MarkLee131
OpenStack Identity service (keystone) Incorrect Authorization High
CVE-2017-2673 was published for keystone (pip) May 13, 2022
Incorrect Authorization in Apache Tomcat High
CVE-2016-6797 was published for org.apache.tomcat:tomcat (Maven) May 13, 2022
sunSUNQ
Incorrect Authorization in microweber High
CVE-2022-1631 was published for microweber/microweber (Composer) May 10, 2022
OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM High
CVE-2013-0335 was published for Nova (pip) May 5, 2022
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
dasMulli
Incorrect Authorization in Getahead Direct Web Remoting High
CVE-2007-0184 was published for org.directwebremoting:dwr (Maven) May 1, 2022
trytond Incorrect Authorization vulnerability High
CVE-2012-2238 was published for trytond (pip) Apr 23, 2022
Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-29047 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Apr 13, 2022
NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database