Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

68 advisories

Loading
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible High
CVE-2020-10684 was published for ansible (pip) Apr 7, 2021
Snipe-IT allows users to promote or demote themselves or other users High
CVE-2024-5685 was published for snipe/snipe-it (Composer) Jun 14, 2024
Authorization bypass in Quarkus High
CVE-2023-6394 was published for io.quarkus:quarkus-smallrye-graphql-client (Maven) Dec 9, 2023
cescoffier
Dolibarr arbitrary commands execution High
CVE-2018-10092 was published for dolibarr/dolibarr (Composer) May 13, 2022
Ant Media Server vulnerable to a local privilege escalation High
CVE-2024-32656 was published for io.antmedia:ant-media-server (Maven) Apr 22, 2024
UNC1739
HashiCorp Consul does not properly validate node or segment names prior to usage in JWT claim assertions High
CVE-2021-41803 was published for github.com/hashicorp/consul (Go) Sep 25, 2022
anonymous4ACL24
Disabled permissions granted by Jenkins Assembla Auth Plugin High
CVE-2023-41945 was published for org.jenkins-ci.plugins:assembla-auth (Maven) Sep 6, 2023
Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings High
CVE-2017-1000086 was published for org.jenkins-ci.plugins:periodicbackup (Maven) May 13, 2022
Jenkins Groovy Plugin sandbox bypass vulnerability High
CVE-2019-1003006 was published for org.jenkins-ci.plugins:groovy (Maven) May 13, 2022
Jenkins Nexus Platform Plugin missing permission check High
CVE-2023-50767 was published for org.sonatype.nexus.ci:nexus-jenkins-plugin (Maven) Dec 13, 2023
Jenkins GitLab Plugin missing permission checks High
CVE-2019-10301 was published for org.jenkins-ci.plugins:gitlab-plugin (Maven) May 24, 2022
Jenkins MATLAB Plugin missing permission checks High
CVE-2023-49654 was published for org.jenkins-ci.plugins:matlab (Maven) Nov 29, 2023
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens High
CVE-2021-39236 was published for org.apache.hadoop:hadoop-ozone-ozone-manager (Maven) Nov 23, 2021
Improper handling of untrusted branches in Gitea Jenkins Plugin High
CVE-2019-10330 was published for org.jenkins-ci.plugins:gitea (Maven) May 24, 2022
westonsteimel
Authenticated Rundeck users can view or delete jobs they do not have authorization for. High
CVE-2023-48222 was published for org.rundeck:rundeck (Maven) Nov 16, 2023
Incorrect Authorization in Apache Ozone High
CVE-2021-39232 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
1Panel arbitrary file write vulnerability High
CVE-2023-39966 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
darkfive2022
org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move High
CVE-2023-37910 was published for org.xwiki.platform:xwiki-platform-attachment-api (Maven) Oct 25, 2023
Answer Missing Authorization vulnerability High
CVE-2023-4124 was published for github.com/answerdev/answer (Go) Aug 3, 2023
Missing authorization in Liferay portal High
CVE-2023-33948 was published for com.liferay.portal:release.portal.bom (Maven) May 24, 2023
Hazelcast Executor Services don't check client permissions properly High
CVE-2023-33265 was published for com.hazelcast:hazelcast (Maven) Jul 19, 2023
Sealos billing system permission control defect High
CVE-2023-36815 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Missing authorization in Jenkins Plug-in for ServiceNow High
CVE-2023-3442 was published for io.jenkins.plugins:servicenow-devops (Maven) Jul 26, 2023
Command injection in nevado-jms High
CVE-2023-31826 was published for org.skyscreamer:nevado-jms (Maven) May 23, 2023
Jenkins Team Concert Plugin missing permission check High
CVE-2019-16566 was published for org.jenkins-ci.plugins:teamconcert (Maven) May 24, 2022
ProTip! Advisories are also available from the GraphQL API