GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
128 advisories
Filter by severity
Podman Elevated Container Privileges
High
CVE-2018-10856
was published
for
github.com/containers/podman
(Go)
May 13, 2022
Mercurial Incorrect Access Control vulnerability
Critical
CVE-2018-1000132
was published
for
mercurial
(pip)
May 13, 2022
Statamic framework Incorrect Permission Assignment
High
CVE-2017-11422
was published
for
statamic/cms
(Composer)
May 13, 2022
Bolt Improper Access Control
Moderate
CVE-2017-16754
was published
for
bolt/bolt
(Composer)
May 13, 2022
Incorrect Permission Assignment for Critical Resource in ShopXO
Critical
CVE-2022-28056
was published
for
shopxo/shopxo
(Composer)
May 3, 2022
Improper Access Control in Shopware
High
CVE-2022-24872
was published
for
shopware/core
(Composer)
Apr 22, 2022
Struts ParameterInterceptor vulnerability allows remote command execution
Critical
CVE-2011-3923
was published
for
org.apache.struts:struts2-core
(Maven)
Apr 22, 2022
Missing permission check in Jenkins JiraTestResultReporter Plugin
Moderate
CVE-2022-28137
was published
for
org.jenkins-ci.plugins:JiraTestResultReporter
(Maven)
Mar 30, 2022
Kubernetes Unsafe Cacheing
Moderate
CVE-2019-11244
was published
for
k8s.io/client-go
(Go)
Feb 15, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration
Critical
CVE-2021-44521
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 12, 2022
Incorrect Permission Assignment for Critical Resource in CRI-O
Moderate
CVE-2022-0532
was published
for
github.com/cri-o/cri-o
(Go)
Feb 11, 2022
Improper privilege handling in Apache Accumulo
High
CVE-2020-17533
was published
for
org.apache.accumulo:accumulo-master
(Maven)
Feb 9, 2022
Incorrect Permission Assignment for Critical Resource in Ansible
Moderate
CVE-2020-1736
was published
for
ansible
(pip)
Feb 9, 2022
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak
Moderate
CVE-2020-1694
was published
for
org.keycloak:keycloak-parent
(Maven)
Feb 9, 2022
Incorrect Permission Assignment for Critical Resource in OnionShare
Moderate
CVE-2022-21694
was published
for
onionshare-cli
(pip)
Jan 21, 2022
Microweber Incorrect Permission Assignment for Critical Resource vulnerability
Moderate
CVE-2022-0277
was published
for
microweber/microweber
(Composer)
Jan 21, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin
Moderate
CVE-2022-20614
was published
for
org.jenkins-ci.plugins:mailer
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin
Moderate
CVE-2022-20616
was published
for
org.jenkins-ci.plugins:credentials-binding
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin
Moderate
CVE-2022-20618
was published
for
org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source
(Maven)
Jan 13, 2022
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
High
CVE-2020-25039
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Incorrect Permission Assignment for Critical Resource in Singularity
High
CVE-2019-11328
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
HashiCorp Vault Incorrect Permission Assignment for Critical Resource
Critical
CVE-2021-43998
was published
for
github.com/hashicorp/vault
(Go)
Dec 2, 2021
Incorrect permissions in Apache Ozone
Moderate
CVE-2021-39235
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Insecure Inherited Permissions in neoan3-apps/template
High
CVE-2021-41170
was published
for
neoan3-apps/template
(Composer)
Nov 10, 2021
ProTip!
Advisories are also available from the
GraphQL API