Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

415 advisories

Loading
In network service, there is a missing permission check. This could lead to local escalation of... Moderate Unreviewed
CVE-2022-39084 was published Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of... Moderate Unreviewed
CVE-2022-39085 was published Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of... Moderate Unreviewed
CVE-2022-39088 was published Jan 4, 2023
Incorrect Default Permissions and Improper Access Control in snipe-it Moderate
CVE-2022-0179 was published for snipe/snipe-it (Composer) Jan 21, 2022
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin... Moderate Unreviewed
CVE-2021-46270 was published Mar 3, 2022
In network service, there is a missing permission check. This could lead to local escalation of... Moderate Unreviewed
CVE-2022-39087 was published Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of... Moderate Unreviewed
CVE-2022-39082 was published Jan 4, 2023
In network service, there is a missing permission check. This could lead to local escalation of... Moderate Unreviewed
CVE-2022-39081 was published Jan 4, 2023
IBM Manage Application 8.8.0 and 8.9.0 in the IBM Maximo Application Suite is vulnerable to... Moderate Unreviewed
CVE-2022-46774 was published Mar 15, 2023
Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization Moderate
CVE-2019-10469 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Jenkins Dynatrace Plugin contains Incorrect Default Permissions Moderate
CVE-2019-10463 was published for org.jenkins-ci.plugins:dynatrace-dashboard (Maven) May 24, 2022
Jenkins Deploy WebLogic Plugin missing permission check Moderate
CVE-2019-10465 was published for org.jenkins-ci.plugins:weblogic-deployer-plugin (Maven) May 24, 2022
Jenkins Global Post Script Plugin missing permission check Moderate
CVE-2019-10474 was published for org.jenkins-ci.plugins:global-post-script (Maven) May 24, 2022
Jenkins WebSphere Deployer Plugin missing permission check Moderate
CVE-2019-16559 was published for org.jenkins-ci.plugins:websphere-deployer (Maven) May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration Moderate
CVE-2019-10470 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
PowerJob vulnerable to Insecure Permissions Moderate
CVE-2023-29923 was published for tech.powerjob:powerjob (Maven) Apr 19, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks Moderate
CVE-2023-32996 was published for io.jenkins.plugins:miniorange-saml-sp (Maven) May 16, 2023
Jenkins AppSpider Plugin missing permission check Moderate
CVE-2023-32999 was published for com.rapid7:jenkinsci-appspider-plugin (Maven) May 16, 2023
Sensitive information disclosure due to insecure folder permissions. The following products are... Moderate Unreviewed
CVE-2023-5042 was published Sep 20, 2023
Incorrect default permissions in some Intel Arc RGB Controller software before version 1.06 may... Moderate Unreviewed
CVE-2023-32638 was published Nov 14, 2023
A vulnerability due to improper write protection of UEFI variables was reported in the BIOS of... Moderate Unreviewed
CVE-2022-4575 was published Oct 30, 2023
in OpenHarmony v3.2.2 and prior versions allow a local attacker get confidential information... Moderate Unreviewed
CVE-2023-42774 was published Nov 20, 2023
PowerProtect Agent for File System Version 19.14 and prior, contains an incorrect default... Moderate Unreviewed
CVE-2023-43081 was published Nov 22, 2023
Apache Superset has Incorrect Default Permissions Moderate
CVE-2023-42501 was published for apache-superset (pip) Nov 27, 2023
Insecure permissions in the setNFZEnable function of Autel Robotics EVO Nano drone v1.6.5 allows... Moderate Unreviewed
CVE-2023-47335 was published Nov 16, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database