Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

56 advisories

Loading
Grafana information disclosure Moderate
CVE-2020-12458 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana world readable configuration files Moderate
CVE-2020-12459 was published for github.com/grafana/grafana (Go) May 24, 2022
Publify has Improper Access Controls Moderate
CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022
Phusion Passenger incorrect permission assignment Moderate
CVE-2018-12615 was published for passenger (RubyGems) May 13, 2022
jhutchings1
Drupal access bypass vulnerability Moderate
CVE-2017-6928 was published for drupal/core (Composer) May 13, 2022
Opencast has Incorrect Permission Assignment Moderate
CVE-2017-1000221 was published for org.opencastproject:opencast-kernel (Maven) May 13, 2022
Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin Moderate
CVE-2017-1000095 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Moderate
CVE-2017-2612 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Bolt Improper Access Control Moderate
CVE-2017-16754 was published for bolt/bolt (Composer) May 13, 2022
Missing permission check in Jenkins JiraTestResultReporter Plugin Moderate
CVE-2022-28137 was published for org.jenkins-ci.plugins:JiraTestResultReporter (Maven) Mar 30, 2022
NotMyFault
Kubernetes Unsafe Cacheing Moderate
CVE-2019-11244 was published for k8s.io/client-go (Go) Feb 15, 2022
Incorrect Permission Assignment for Critical Resource in CRI-O Moderate
CVE-2022-0532 was published for github.com/cri-o/cri-o (Go) Feb 11, 2022
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak Moderate
CVE-2020-1694 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Microweber Incorrect Permission Assignment for Critical Resource vulnerability Moderate
CVE-2022-0277 was published for microweber/microweber (Composer) Jan 21, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin Moderate
CVE-2022-20614 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin Moderate
CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jan 13, 2022
NotMyFault westonsteimel
secjoker
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin Moderate
CVE-2022-20618 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Incorrect permissions in Apache Ozone Moderate
CVE-2021-39235 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Exposure of sensitive information in Elasticsearch Moderate
CVE-2021-22147 was published for org.elasticsearch:elasticsearch (Maven) Sep 20, 2021
Beego has a file creation race condition Moderate
CVE-2019-16354 was published for github.com/astaxie/beego (Go) Aug 2, 2021
Archive package allows chmod of file outside of unpack target directory Moderate
CVE-2021-32760 was published for github.com/containerd/containerd (Go) Jul 26, 2021
tdunlap607
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul Moderate
CVE-2020-12797 was published for github.com/hashicorp/consul (Go) Jun 23, 2021
Cache Manipulation Attack in Apache Traffic Control Moderate
CVE-2020-17522 was published for github.com/apache/trafficcontrol (Go) Jun 18, 2021
Permissions bypass in KubeVirt Moderate
CVE-2020-1701 was published for kubevirt.io/kubevirt (Go) Jun 1, 2021
Local information disclosure via system temporary directory Moderate
CVE-2021-28168 was published for org.glassfish.jersey.core:jersey-common (Maven) Apr 23, 2021
JLLeitschuh
ProTip! Advisories are also available from the GraphQL API