GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
59 advisories
Filter by severity
Incorrect Default Permissions in CRI-O
Moderate
CVE-2022-27652
was published
for
github.com/cri-o/cri-o
(Go)
Apr 22, 2022
Incorrect Default Permissions in JetBrains Kotlin
Moderate
CVE-2020-29582
was published
for
org.jetbrains.kotlin:kotlin-stdlib
(Maven)
May 24, 2022
parse-server's session object properties can be updated by foreign user if object ID is known
Moderate
CVE-2022-39225
was published
for
parse-server
(npm)
Sep 21, 2022
coreos-installer < 0.10.0 writes world-readable Ignition config to installed system
Moderate
CVE-2021-3917
was published
for
coreos-installer
(Rust)
Nov 8, 2021
Incorrect Default Permissions in Liferay Portal
Moderate
CVE-2022-42130
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Incorrect Default Permissions in Liferay Portal
Moderate
CVE-2022-42127
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Incorrect Default Permissions in Liferay Portal
Moderate
CVE-2022-42128
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
Moderate
CVE-2022-27205
was published
for
org.jenkins-ci.plugins:extended-choice-parameter
(Maven)
Mar 16, 2022
Non-empty default inheritable capabilities for linux container in Buildah
Moderate
CVE-2022-27651
was published
for
github.com/containers/buildah
(Go)
Apr 1, 2022
ansible-runner 2.0.0 default temporary files written to world R/W locations
Moderate
CVE-2021-3701
was published
for
ansible-runner
(pip)
Aug 24, 2022
Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions
Moderate
CVE-2023-23850
was published
for
org.jenkins-ci.plugins:synopsys-coverity
(Maven)
Feb 15, 2023
Moodle has Incorrect Default Permissions
Moderate
CVE-2021-36400
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
Moodle has Incorrect Default Permissions
Moderate
CVE-2021-36397
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
cilium-agent container can access the host via `hostPath` mount
Moderate
CVE-2023-27593
was published
for
github.com/cilium/cilium
(Go)
Mar 17, 2023
Default inheritable capabilities for linux container should be empty
Moderate
CVE-2022-29162
was published
for
github.com/opencontainers/runc
(Go)
May 24, 2022
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3146
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3101
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
User login denial of service in github.com/google/fscrypt
Moderate
CVE-2022-25327
was published
for
github.com/google/fscrypt
(Go)
Feb 26, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it
Moderate
CVE-2022-0179
was published
for
snipe/snipe-it
(Composer)
Jan 21, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization
Moderate
CVE-2019-10469
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
Jenkins Dynatrace Plugin contains Incorrect Default Permissions
Moderate
CVE-2019-10463
was published
for
org.jenkins-ci.plugins:dynatrace-dashboard
(Maven)
May 24, 2022
Jenkins Deploy WebLogic Plugin missing permission check
Moderate
CVE-2019-10465
was published
for
org.jenkins-ci.plugins:weblogic-deployer-plugin
(Maven)
May 24, 2022
Jenkins Global Post Script Plugin missing permission check
Moderate
CVE-2019-10474
was published
for
org.jenkins-ci.plugins:global-post-script
(Maven)
May 24, 2022
Jenkins WebSphere Deployer Plugin missing permission check
Moderate
CVE-2019-16559
was published
for
org.jenkins-ci.plugins:websphere-deployer
(Maven)
May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration
Moderate
CVE-2019-10470
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API