Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,071
Erlang
29
GitHub Actions
19
Go
1,893
Maven
5,000+
npm
3,630
NuGet
638
pip
3,243
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
High severity vulnerability that affects mercurial High
CVE-2017-9462 was published for mercurial (pip) Jul 13, 2018
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main Moderate
CVE-2017-3166 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
Incorrect Permission Assignment for Critical Resource in Apache hive Low
CVE-2018-1315 was published for org.apache.hive:hive (Maven) Nov 21, 2018
Doorkeeper subject to Incorrect Permission Assignment High
CVE-2018-1000211 was published for doorkeeper (RubyGems) Aug 13, 2018
A user without PR can reset user authentication failures information Low
CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) Jul 2, 2021
SilverStripe Subsite weakens file permissions Moderate
CVE-2022-42949 was published for silverstripe/subsites (Composer) Dec 19, 2022
Improper Access Control in Shopware High
CVE-2022-24872 was published for shopware/core (Composer) Apr 22, 2022
NilsEvers
Incorrect Permission Assignment for Critical Resource in NPM High
CVE-2018-7408 was published for npm (npm) May 13, 2022
Phusion Passenger incorrect permission assignment Moderate
CVE-2018-12615 was published for passenger (RubyGems) May 13, 2022
jhutchings1
Incorrect Permission Assignment for Critical Resource in Jenkins Moderate
CVE-2017-2612 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Local information disclosure via system temporary directory Moderate
CVE-2021-28168 was published for org.glassfish.jersey.core:jersey-common (Maven) Apr 23, 2021
JLLeitschuh
Missing Authorization in Apache Archiva Moderate
CVE-2022-29405 was published for org.apache.archiva:archiva (Maven) May 26, 2022
HashiCorp Vault Incorrect Permission Assignment for Critical Resource Critical
CVE-2021-43998 was published for github.com/hashicorp/vault (Go) Dec 2, 2021
Bytebase does not restrict low privilege user to access admin issues Moderate
CVE-2022-32169 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication High
CVE-2022-39219 was published for github.com/brokercap/Bifrost (Go) Sep 27, 2022
tarihub
Hashicorp Vault Privilege Escalation Vulnerability Low
CVE-2021-41802 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
Opencast has Incorrect Permission Assignment Moderate
CVE-2017-1000221 was published for org.opencastproject:opencast-kernel (Maven) May 13, 2022
Incorrect Permission Assignment for Critical Resource in OnionShare Low
CVE-2022-21694 was published for onionshare-cli (pip) Jan 21, 2022
Generated Code Contains Local Information Disclosure Vulnerability Moderate
CVE-2021-21364 was published for io.swagger:swagger-codegen (Maven) Mar 11, 2021
JLLeitschuh
Exposure of Sensitive Information to an Unauthorized Actor High
CVE-2021-32717 was published for shopware/platform (Composer) Sep 8, 2021
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin Moderate
CVE-2022-34112 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration Critical
CVE-2021-44521 was published for org.apache.cassandra:cassandra-all (Maven) Feb 12, 2022
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure High
CVE-2022-2995 was published for github.com/cri-o/cri-o (Go) Sep 20, 2022
Incorrect Permission Assignment for Critical Resource in ShopXO Critical
CVE-2022-28056 was published for shopxo/shopxo (Composer) May 3, 2022
Koji hub call does not perform correct access checks Critical
CVE-2018-1002150 was published for koji (pip) Jul 12, 2018
ProTip! Advisories are also available from the GraphQL API