GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
94 advisories
Filter by severity
Users with ROLE_COURSE_ADMIN can create new users in Opencast
Moderate
CVE-2020-5231
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Access Restriction Bypass in Docker
Moderate
CVE-2014-6408
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Improper Authorization in grumpydictator/firefly-iii
Moderate
CVE-2023-0298
was published
for
grumpydictator/firefly-iii
(Composer)
Jan 14, 2023
Improper Authorization in Jenkins
Moderate
CVE-2018-1000408
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Jenkins Google Compute Engine Plugin Missing Authorization vulnerability
Moderate
CVE-2019-16547
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
May 24, 2022
Jenkins RapidDeploy Plugin missing permission check
Moderate
CVE-2019-16571
was published
for
org.jenkins-ci.plugins:rapiddeploy-jenkins
(Maven)
May 24, 2022
Privilege escalation for users with create/update permissions in Global Roles in Rancher
Moderate
CVE-2021-36784
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin
Moderate
CVE-2020-2188
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins
Moderate
CVE-2019-16574
was published
for
com.alauda.jenkins.plugins:alauda-devops-pipeline
(Maven)
May 24, 2022
usememos/memos vulnerable to Improper Authorization
Moderate
CVE-2022-4802
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Authorization vulnerability
Moderate
CVE-2022-4804
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Authorization vulnerability
Moderate
CVE-2022-4798
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
Froxlor Improper Authorization vulnerability
Moderate
CVE-2022-4868
was published
for
froxlor/froxlor
(Composer)
Dec 31, 2022
Withdrawn: wallabag subject to Improper Authorization via annotations
Moderate
GHSA-xrw3-wqph-3fxg
was published
for
wallabag/wallabag
(Composer)
Feb 1, 2023
•
withdrawn
Withdrawn: wallabag subject to Improper Authorization
Moderate
GHSA-h45f-rjvw-2rv2
was published
for
wallabag/wallabag
(Composer)
Feb 1, 2023
•
withdrawn
wallabag contains Improper Authorization via export feature
Moderate
CVE-2023-0609
was published
for
wallabag/wallabag
(Composer)
Feb 2, 2023
Pixelfed may allow unauthorized actor to view private posts
Moderate
CVE-2023-0914
was published
for
pixelfed/pixelfed
(Composer)
Feb 19, 2023
Wallabag Improper Authorization vulnerability
Moderate
CVE-2023-0734
was published
for
wallabag/wallabag
(Composer)
Mar 5, 2023
Improper Authorization in nilsteampassnet/teampass
Moderate
CVE-2023-1463
was published
for
nilsteampassnet/teampass
(Composer)
Mar 17, 2023
Potential network policy bypass when routing IPv6 traffic
Moderate
CVE-2023-27594
was published
for
github.com/cilium/cilium
(Go)
Mar 17, 2023
Moodle may allow students to bypass sequential navigation during a quiz attempt
Moderate
CVE-2022-40208
was published
for
moodle/moodle
(Composer)
Mar 24, 2023
Publify `guest` role users can self-register even when the admin does not allow it
Moderate
CVE-2021-25973
was published
for
publify_core
(RubyGems)
Nov 3, 2021
HashiCorp Vault's PKI mount vulnerable to denial of service
Moderate
CVE-2023-0665
was published
for
github.com/hashicorp/vault
(Go)
Mar 30, 2023
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
Moderate
CVE-2022-39340
was published
for
github.com/openfga/openfga
(Go)
Oct 25, 2022
ProTip!
Advisories are also available from the
GraphQL API