GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
461 advisories
A local privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XSOAR engine...
Moderate, Unreviewed: CVE-2023-3282 was published Nov 8, 2023

Jenkins Azure VM Agents Plugin missing permission checks
Moderate: CVE-2023-32990 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 16, 2023

Jenkins Email Extension Plugin missing permission check
Moderate: CVE-2023-32979 was published for org.jenkins-ci.plugins:email-ext (Maven) May 16, 2023

Jenkins Tag Profiler Plugin missing permission check
Moderate: CVE-2023-33004 was published for org.jenkins-ci.plugins:tag-profiler (Maven) May 16, 2023

A vulnerability has been identified in Node.js version 20, affecting users of the experimental...
Moderate, Unreviewed: CVE-2023-32005 was published Sep 20, 2023

Incorrect Permission Assignment for Critical Resource in Hashicorp Consul
Moderate: CVE-2020-12797 was published for github.com/hashicorp/consul (Go) Jun 23, 2021

Kubernetes Unsafe Cacheing
Moderate: CVE-2019-11244 was published for k8s.io/client-go (Go) Feb 15, 2022

Beego has a file creation race condition
Moderate: CVE-2019-16354 was published for github.com/astaxie/beego (Go) Aug 2, 2021

Publify has Improper Access Controls
Moderate: CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022

WatchGuard Firebox and XTM appliances allow an authenticated remote attacker with unprivileged...
Moderate, Unreviewed: CVE-2022-25363 was published Feb 25, 2022

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry...
Moderate, Unreviewed: CVE-2022-23725 was published Jul 1, 2022

A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5...
Moderate, Unreviewed: CVE-2022-32227 was published Sep 25, 2022

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39...
Moderate, Unreviewed: CVE-2022-47927 was published Jan 12, 2023

Microweber Incorrect Permission Assignment for Critical Resource vulnerability
Moderate: CVE-2022-0277 was published for microweber/microweber (Composer) Jan 21, 2022

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration...
Moderate, Unreviewed: CVE-2022-21939 was published Feb 9, 2023

An information disclosure vulnerability exists in the web interface session cookie functionality...
Moderate, Unreviewed: CVE-2022-25172 was published May 13, 2022

Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode...
Moderate, Unreviewed: CVE-2020-20634 was published May 24, 2022

A vulnerability in the file system permissions of Cisco IOS XE Software could allow an...
Moderate, Unreviewed: CVE-2020-3503 was published May 24, 2022

CubeFS allows Kubernetes cluster-level privilege escalation
Moderate: CVE-2023-30512 was published for github.com/cubefs/cubefs (Go) Apr 12, 2023

An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55....
Moderate, Unreviewed: CVE-2020-24578 was published May 24, 2022

Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
Moderate: CVE-2023-27096 was published for cn.hippo4j:hippo4j-all (Maven) Mar 27, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate: CVE-2022-3101 was published for tripleo-ansible (pip) Mar 23, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate: CVE-2022-3146 was published for tripleo-ansible (pip) Mar 23, 2023

Exposure of Sensitive Information in OpenGoofy Hippo4j
Moderate: CVE-2023-27095 was published for cn.hippo4j:hippo4j-core (Maven) Mar 16, 2023

An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can...
Moderate, Unreviewed: CVE-2019-9008 was published May 24, 2022