Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

72 advisories

Loading
Tryton Improper Access Control High
CVE-2019-10868 was published for trytond (pip) Apr 10, 2019
Undertow Missing Authorization when requesting a protected directory without trailing slash High
CVE-2019-10184 was published for io.undertow:undertow-servlet (Maven) Aug 1, 2019
Unauthenticated Access Via OAI-PMH High
CVE-2020-5228 was published for org.opencastproject:opencast-oaipmh-api (Maven) Jan 30, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper High
CVE-2020-10187 was published for doorkeeper (RubyGems) May 7, 2020
stefansundin nbulaj
Missing Authorization in TeamPass High
CVE-2020-11671 was published for nilsteampassnet/teampass (Composer) Jul 26, 2021
Improper Authorization in Google OAuth Client High
CVE-2020-7692 was published for com.google.oauth-client:google-oauth-client (Maven) Sep 28, 2021
Missing Authorization with Default Settings in Dashboard UI High
CVE-2021-41238 was published for Hangfire.Core (NuGet) Nov 3, 2021
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens High
CVE-2021-39236 was published for org.apache.hadoop:hadoop-ozone-ozone-manager (Maven) Nov 23, 2021
Incorrect Authorization in Apache Ozone High
CVE-2021-39232 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Missing Authorization in DayByDay CRM High
CVE-2022-22111 was published for bottelet/flarepoint (Composer) Jan 8, 2022
Missing authentication in ShenYu High
CVE-2022-23945 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Reject unauthorized access with GitHub PATs High
CVE-2021-21432 was published for github.com/go-vela/server (Go) Feb 15, 2022
JordanSussman
Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE High
CVE-2022-25208 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) Feb 16, 2022
NotMyFault
Missing Authorization in Jenkins dbCharts Plugin High
CVE-2022-25206 was published for org.jenkins-ci.plugins:dbCharts (Maven) Feb 16, 2022
NotMyFault
Missing permission check in Jenkins SCP publisher Plugin High
CVE-2022-25199 was published for org.jenkins-ci.plugins:scp (Maven) Feb 16, 2022
NotMyFault
Improper Privilege Management in Snipe-IT High
CVE-2022-0611 was published for snipe/snipe-it (Composer) Feb 17, 2022
Gitea Missing Authorization vulnerability High
CVE-2022-0905 was published for code.gitea.io/gitea (Go) Mar 11, 2022
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
Gogs vulnerable to improper PAM authorization handling High
CVE-2022-0871 was published for gogs.io/gogs (Go) Mar 14, 2022
ysf
CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials High
CVE-2022-27211 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
Insecure plugin handling in Mattermost High
CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
Missing Authorization in Apache ZooKeeper High
CVE-2018-8012 was published for org.apache.zookeeper:zookeeper (Maven) May 13, 2022
Jenkins Groovy Plugin sandbox bypass vulnerability High
CVE-2019-1003006 was published for org.jenkins-ci.plugins:groovy (Maven) May 13, 2022
Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings High
CVE-2017-1000086 was published for org.jenkins-ci.plugins:periodicbackup (Maven) May 13, 2022
Dolibarr arbitrary commands execution High
CVE-2018-10092 was published for dolibarr/dolibarr (Composer) May 13, 2022
ProTip! Advisories are also available from the GraphQL API