Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

56 advisories

Loading
Moderate severity vulnerability that affects org.apache.hadoop:hadoop-main Moderate
CVE-2017-3166 was published for org.apache.hadoop:hadoop-main (Maven) Dec 21, 2018
SilverStripe Subsite weakens file permissions Moderate
CVE-2022-42949 was published for silverstripe/subsites (Composer) Dec 19, 2022
Phusion Passenger incorrect permission assignment Moderate
CVE-2018-12615 was published for passenger (RubyGems) May 13, 2022
jhutchings1
Incorrect Permission Assignment for Critical Resource in Jenkins Moderate
CVE-2017-2612 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Local information disclosure via system temporary directory Moderate
CVE-2021-28168 was published for org.glassfish.jersey.core:jersey-common (Maven) Apr 23, 2021
JLLeitschuh
Missing Authorization in Apache Archiva Moderate
CVE-2022-29405 was published for org.apache.archiva:archiva (Maven) May 26, 2022
Bytebase does not restrict low privilege user to access admin issues Moderate
CVE-2022-32169 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
Opencast has Incorrect Permission Assignment Moderate
CVE-2017-1000221 was published for org.opencastproject:opencast-kernel (Maven) May 13, 2022
Generated Code Contains Local Information Disclosure Vulnerability Moderate
CVE-2021-21364 was published for io.swagger:swagger-codegen (Maven) Mar 11, 2021
JLLeitschuh
Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin Moderate
CVE-2022-34112 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022
TemporaryFolder on unix-like systems does not limit access to created files Moderate
CVE-2020-15250 was published for junit:junit (Maven) Oct 12, 2020
JLLeitschuh
Incorrect Permission Assignment for Critical Resource and Permissive List of Allowed Inputs in Keycloak Moderate
CVE-2020-1694 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
Incorrect permission enforcement in UmbracoCms Moderate
CVE-2020-29454 was published for UmbracoCms (NuGet) Apr 13, 2021
Cache Manipulation Attack in Apache Traffic Control Moderate
CVE-2020-17522 was published for github.com/apache/trafficcontrol (Go) Jun 18, 2021
Exposure of sensitive information in Elasticsearch Moderate
CVE-2021-22147 was published for org.elasticsearch:elasticsearch (Maven) Sep 20, 2021
Incorrect Permission Assignment for Critical Resource in CRI-O Moderate
CVE-2022-0532 was published for github.com/cri-o/cri-o (Go) Feb 11, 2022
Exposure of Sensitive Information in OpenGoofy Hippo4j Moderate
CVE-2023-27095 was published for cn.hippo4j:hippo4j-core (Maven) Mar 16, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment Moderate
CVE-2022-3146 was published for tripleo-ansible (pip) Mar 23, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment Moderate
CVE-2022-3101 was published for tripleo-ansible (pip) Mar 23, 2023
Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module Moderate
CVE-2023-27096 was published for cn.hippo4j:hippo4j-all (Maven) Mar 27, 2023
CubeFS allows Kubernetes cluster-level privilege escalation Moderate
CVE-2023-30512 was published for github.com/cubefs/cubefs (Go) Apr 12, 2023
Microweber Incorrect Permission Assignment for Critical Resource vulnerability Moderate
CVE-2022-0277 was published for microweber/microweber (Composer) Jan 21, 2022
Publify has Improper Access Controls Moderate
CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022
Beego has a file creation race condition Moderate
CVE-2019-16354 was published for github.com/astaxie/beego (Go) Aug 2, 2021
Kubernetes Unsafe Cacheing Moderate
CVE-2019-11244 was published for k8s.io/client-go (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database