GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
72 advisories
Unauthenticated Access Via OAI-PMH (High): CVE-2020-5228 was published for org.opencastproject:opencast-oaipmh-api (Maven), Jan 30, 2020
Controller reconciles apps outside configured namespaces when sharding is enabled (High): CVE-2023-22736 was published for github.com/argoproj/argo-cd (Go), Jan 25, 2023
Insecure plugin handling in Mattermost (High): CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go), Apr 20, 2022
Missing Authorization in Apache ZooKeeper (High): CVE-2018-8012 was published for org.apache.zookeeper:zookeeper (Maven), May 13, 2022
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor (High): CVE-2022-36091 was published for org.xwiki.platform:xwiki-platform-web (Maven), Sep 16, 2022
Missing Authorization in Jenkins SSH plugin (High): CVE-2022-30959 was published for org.jenkins-ci.plugins:ssh (Maven), May 18, 2022
Missing Authorization in Jenkins Recipe Plugin (High): CVE-2022-34794 was published for org.jenkins-ci.plugins:recipe (Maven), Jul 1, 2022
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference (High): CVE-2022-31167 was published for org.xwiki.platform:xwiki-platform-security (Maven), Sep 20, 2022
Missing permission check in Coverity Plugin allows capturing credentials (High): CVE-2022-36921 was published for org.jenkins-ci.plugins:coverity (Maven), Jul 28, 2022
Missing Authorization with Default Settings in Dashboard UI (High): CVE-2021-41238 was published for Hangfire.Core (NuGet), Nov 3, 2021
Velociraptor vulnerable to Missing Authorization (High): CVE-2023-0242 was published for www.velocidex.com/golang/velociraptor (Go), Jan 18, 2023
Missing Authorization in HashiCorp Consul (High): CVE-2022-3920 was published for github.com/hashicorp/consul (Go), Nov 16, 2022
Apache Archiva vulnerable to Sensitive Information Disclosure via anonymous user (High): CVE-2022-40308 was published for org.apache.archiva:archiva-common (Maven), Nov 15, 2022
Missing Authorization in TeamPass (High): CVE-2020-11671 was published for nilsteampassnet/teampass (Composer), Jul 26, 2021
Improper Authorization in Google OAuth Client (High): CVE-2020-7692 was published for com.google.oauth-client:google-oauth-client (Maven), Sep 28, 2021
Apache Sentry may allow attacker to access/remove data from Sentry protected table (High): CVE-2018-8028 was published for org.apache.sentry:sentry (Maven), May 13, 2022
Missing Authorization in DayByDay CRM (High): CVE-2022-22111 was published for bottelet/flarepoint (Composer), Jan 8, 2022
Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui (High): CVE-2022-41930 was published for org.xwiki.platform:xwiki-platform-user-profile-ui (Maven), Nov 21, 2022
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster (High): CVE-2022-21953 was published for github.com/rancher/rancher (Go), Jan 25, 2023
Missing authentication in ShenYu (High): CVE-2022-23945 was published for org.apache.shenyu:shenyu-common (Maven), Jan 28, 2022
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation (High): CVE-2023-1782 was published for github.com/hashicorp/nomad (Go), Apr 5, 2023
Apache James server's JMX management service vulnerable to privilege escalation by local user (High): CVE-2023-26269 was published for org.apache.james:javax-mail-extension (Maven), Apr 3, 2023
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper (High): CVE-2020-10187 was published for doorkeeper (RubyGems), May 7, 2020
pgadmin4 vulnerable to Code Injection (High): CVE-2022-4223 was published for pgadmin4 (pip), Dec 13, 2022
Gitea Missing Authorization vulnerability (High): CVE-2022-0905 was published for code.gitea.io/gitea (Go), Mar 11, 2022
ProTip! Advisories are also available from the GraphQL API.