GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

59 advisories

Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users Moderate
CVE-2024-26280 was published for apache-airflow (pip) Mar 1, 2024
oscerd sunSUNQ
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present Moderate
CVE-2024-47825 was published for github.com/cilium/cilium (Go) Oct 21, 2024
christarazi
Phone information disclosure vulnerability Moderate
CVE-2024-22889 was published for Plone (pip) Mar 6, 2024
Django allows unintended model editing Moderate
CVE-2019-19118 was published for Django (pip) Dec 4, 2019
sunSUNQ
Incorrect Default Permissions in Apache DolphinScheduler Moderate
CVE-2020-13922 was published for org.apache.dolphinscheduler:dolphinscheduler-api (Maven) Feb 9, 2022
Kubean vulnerable to cluster-level privilege escalation Moderate
CVE-2024-41820 was published for github.com/kubean-io/kubean (Go) Aug 5, 2024
younaman
request_store has Incorrect Default Permissions Moderate
CVE-2024-43791 was published for request_store (RubyGems) Aug 23, 2024
G-Rath
Kubernetes sets incorrect permissions on Windows containers logs Moderate
CVE-2024-5321 was published for k8s.io/kubernetes (Go) Jul 18, 2024
Kaminari Insecure File Permissions Vulnerability Moderate
CVE-2024-32978 was published for kaminari (RubyGems) May 28, 2024
G-Rath
Dolibarr Stored Cross-site Scripting Moderate
CVE-2020-13240 was published for dolibarr/dolibarr (Composer) May 24, 2022
Drupal Core Access bypass vulnerability Moderate
CVE-2020-13667 was published for drupal/core (Composer) May 24, 2022
Incorrect Default Permissions in Beego Moderate
CVE-2019-16355 was published for github.com/astaxie/beego (Go) May 24, 2022
Information disclosure in the Contao backend Moderate
CVE-2019-19712 was published for contao/contao (Composer) Dec 17, 2019
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files. Moderate
CVE-2024-28862 was published for rotp (RubyGems) Mar 18, 2024
G-Rath
Pkg Local Privilege Escalation Moderate
CVE-2024-24828 was published for pkg (npm) Feb 9, 2024
TomiBelan
Silverstripe has Incorrect Default Permissions Moderate
CVE-2020-6165 was published for silverstripe/graphql (Composer) May 24, 2022
CSRF vulnerability in Jenkins Coverity Plugin allow capturing credentials Moderate
CVE-2023-23848 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) Feb 15, 2023
Jenkins Build Step Plugin fails to check Item/Build permission Moderate
CVE-2017-1000089 was published for org.jenkins-ci.plugins:pipeline-build-step (Maven) May 13, 2022
Missing permission checks in AWS Credentials Plugin Moderate
CVE-2022-27199 was published for org.jenkins-ci.plugins:aws-credentials (Maven) Mar 16, 2022
Incorrect Default Permissions in log4js Moderate
CVE-2022-21704 was published for log4js (npm) Jan 21, 2022
lamweili ranjit-git
Moodle Incorrect Default Settings Moderate
CVE-2011-4285 was published for moodle/moodle (Composer) May 13, 2022
Magento incorrect permissions vulnerability in the Integrations component Moderate
CVE-2020-24402 was published for magento/community-edition (Composer) May 24, 2022
Incorrect permission checks in Jenkins Support Core Plugin Moderate
CVE-2022-45383 was published for org.jenkins-ci.plugins:support-core (Maven) Nov 16, 2022
NotMyFault
Parameterized Trigger Plugin fails to check Item/Build permission Moderate
CVE-2017-1000084 was published for org.jenkins-ci.plugins:parameterized-trigger (Maven) May 13, 2022
Moodle default permissions too permissive Moderate
CVE-2012-1157 was published for moodle/moodle (Composer) Apr 23, 2022