GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
123 advisories
Filter by severity
Cargo not respecting umask when extracting crate archives
High
CVE-2023-38497
was published
for
cargo
(Rust)
Aug 3, 2023
Planet's secret file is created with excessive permissions
Moderate
CVE-2023-32303
was published
for
planet
(pip)
May 12, 2023
Incorrect permissions in Apache Ozone
Moderate
CVE-2021-39235
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
xxl-job-admin vulnerable to Insecure Permissions
Moderate
CVE-2023-48087
was published
for
com.xuxueli:xxl-job-admin
(Maven)
Nov 15, 2023
Missing permission check in Jenkins JiraTestResultReporter Plugin
Moderate
CVE-2022-28137
was published
for
org.jenkins-ci.plugins:JiraTestResultReporter
(Maven)
Mar 30, 2022
Local Privilege Escalation in Windows
High
CVE-2023-49797
was published
for
pyinstaller
(pip)
Dec 9, 2023
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Moderate
CVE-2022-20618
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin
Moderate
CVE-2022-20614
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
Jenkins File Parameter Plugin arbitrary file write vulnerability
High
CVE-2023-32986
was published
for
io.jenkins.plugins:file-parameters
(Maven)
May 16, 2023
Arbitrary code execution vulnerability in Jenkins Speaks! Plugin
High
CVE-2017-1000403
was published
for
org.jvnet.hudson.plugins:speaks
(Maven)
May 13, 2022
Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline
High
CVE-2017-1000096
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 13, 2022
Unsafe methods in the default list of approved signatures in Jenkins Script Security Plugin
Moderate
CVE-2017-1000095
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
Moderate
CVE-2023-35147
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Jun 14, 2023
Improper privilege handling in Apache Accumulo
High
CVE-2020-17533
was published
for
org.apache.accumulo:accumulo-master
(Maven)
Feb 9, 2022
Archive package allows chmod of file outside of unpack target directory
Moderate
CVE-2021-32760
was published
for
github.com/containerd/containerd
(Go)
Jul 26, 2021
Privilege Escalation in HashiCorp Consul
Moderate
CVE-2020-28053
was published
for
github.com/hashicorp/consul
(Go)
Jan 31, 2024
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Moderate
CVE-2023-48714
was published
for
silverstripe/framework
(Composer)
Jan 23, 2024
Mautic vulnerable to secret data exfiltration via symfony parameters
Moderate
CVE-2021-27908
was published
for
mautic/core
(Composer)
Apr 6, 2021
Lack of access control on upoaded files
Moderate
CVE-2019-12245
was published
for
silverstripe/assets
(Composer)
Nov 12, 2019
Spring Cloud Contract vulnerable to local information disclosure
Low
CVE-2024-22236
was published
for
org.springframework.cloud:spring-cloud-contract-shade
(Maven)
Jan 31, 2024
Apache Solr Schema Designer blindly "trusts" all configsets
Low
CVE-2023-50292
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2024
Spring Security's spring-security.xsd file is world writable
Moderate
CVE-2023-34042
was published
for
org.springframework.security:spring-security-config
(Maven)
Feb 6, 2024
NuGet Package Manager Tampering Vulnerability
Moderate
CVE-2019-0976
was published
for
NuGet.Commands
(NuGet)
May 24, 2022
WiX based installers are vulnerable to binary hijack when run as SYSTEM
High
CVE-2024-29187
was published
for
WixToolset.Sdk
(NuGet)
Mar 25, 2024
express-cart allows any user to create an admin user
High
CVE-2018-12457
was published
for
express-cart
(npm)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API