GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
72 advisories
Filter by severity
Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin
High
CVE-2024-52554
was published
for
io.jenkins.plugins:shared-library-version-override
(Maven)
Nov 13, 2024
Snipe-IT allows users to promote or demote themselves or other users
High
CVE-2024-5685
was published
for
snipe/snipe-it
(Composer)
Jun 14, 2024
Ant Media Server vulnerable to a local privilege escalation
High
CVE-2024-32656
was published
for
io.antmedia:ant-media-server
(Maven)
Apr 22, 2024
Erroneous authentication pass in Spring Security
High
CVE-2024-22257
was published
for
org.springframework.security:spring-security-core
(Maven)
Mar 18, 2024
Apache Airflow: Bypass permission verification to read code of other dags
High
CVE-2023-50944
was published
for
apache-airflow
(pip)
Jan 24, 2024
Jenkins Nexus Platform Plugin missing permission check
High
CVE-2023-50767
was published
for
org.sonatype.nexus.ci:nexus-jenkins-plugin
(Maven)
Dec 13, 2023
Authorization bypass in Quarkus
High
CVE-2023-6394
was published
for
io.quarkus:quarkus-smallrye-graphql-client
(Maven)
Dec 9, 2023
Jenkins MATLAB Plugin missing permission checks
High
CVE-2023-49654
was published
for
org.jenkins-ci.plugins:matlab
(Maven)
Nov 29, 2023
Authenticated Rundeck users can view or delete jobs they do not have authorization for.
High
CVE-2023-48222
was published
for
org.rundeck:rundeck
(Maven)
Nov 16, 2023
org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move
High
CVE-2023-37910
was published
for
org.xwiki.platform:xwiki-platform-attachment-api
(Maven)
Oct 25, 2023
Disabled permissions granted by Jenkins Assembla Auth Plugin
High
CVE-2023-41945
was published
for
org.jenkins-ci.plugins:assembla-auth
(Maven)
Sep 6, 2023
1Panel arbitrary file write vulnerability
High
CVE-2023-39966
was published
for
github.com/1Panel-dev/1Panel
(Go)
Aug 10, 2023
Answer Missing Authorization vulnerability
High
CVE-2023-4124
was published
for
github.com/answerdev/answer
(Go)
Aug 3, 2023
Missing authorization in Jenkins Plug-in for ServiceNow
High
CVE-2023-3442
was published
for
io.jenkins.plugins:servicenow-devops
(Maven)
Jul 26, 2023
Hazelcast Executor Services don't check client permissions properly
High
CVE-2023-33265
was published
for
com.hazelcast:hazelcast
(Maven)
Jul 19, 2023
Sealos billing system permission control defect
High
CVE-2023-36815
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
Missing authorization in Liferay portal
High
CVE-2023-33948
was published
for
com.liferay.portal:release.portal.bom
(Maven)
May 24, 2023
Synapse does not apply enough checks to servers requesting auth events of events in a room
High
CVE-2022-39335
was published
for
matrix-synapse
(pip)
May 24, 2023
Command injection in nevado-jms
High
CVE-2023-31826
was published
for
org.skyscreamer:nevado-jms
(Maven)
May 23, 2023
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation
High
CVE-2023-1782
was published
for
github.com/hashicorp/nomad
(Go)
Apr 5, 2023
Apache James server's JMX management service vulnerable to privilege escalation by local user
High
CVE-2023-26269
was published
for
org.apache.james:javax-mail-extension
(Maven)
Apr 3, 2023
Controller reconciles apps outside configured namespaces when sharding is enabled
High
CVE-2023-22736
was published
for
github.com/argoproj/argo-cd
(Go)
Jan 25, 2023
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
High
CVE-2022-21953
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Velociraptor vulnerable to Missing Authorization
High
CVE-2023-0242
was published
for
www.velocidex.com/golang/velociraptor
(Go)
Jan 18, 2023
ProTip!
Advisories are also available from the
GraphQL API