GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
56 advisories
Filter by severity
Privilege escalation vulnerability in Apache Hadoop
High
CVE-2018-8029
was published
for
org.apache.hadoop:hadoop-main
(Maven)
May 31, 2019
Authentication Bypass For Endpoints With Anonymous Access in Opencast
Critical
CVE-2020-5206
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Users with ROLE_COURSE_ADMIN can create new users in Opencast
Moderate
CVE-2020-5231
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
Read permissions not enforced for client provided filter expressions in Elide.
High
CVE-2020-5289
was published
for
com.yahoo.elide:elide-core
(Maven)
Mar 30, 2020
Improper Authentication in Keycloak
High
CVE-2018-14637
was published
for
org.keycloak:keycloak-core
(Maven)
Dec 21, 2018
Improper Authorization in org.apache.hbase:hbase
High
CVE-2019-0212
was published
for
org.apache.hbase:hbase
(Maven)
Apr 2, 2019
Improper Authorization in Apache Xalan-Java
High
CVE-2014-0107
was published
for
xalan:xalan
(Maven)
May 13, 2022
Improper Authorization in Jenkins
Moderate
CVE-2018-1000408
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Authorization in Undertoe
High
CVE-2020-1745
was published
for
io.undertow:undertow-core
(Maven)
May 24, 2022
XWiki Platform Improper Authorization check for inactive users
High
CVE-2022-36090
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 16, 2022
Improper Authorization in Apache Shiro
Critical
CVE-2022-32532
was published
for
org.apache.shiro:shiro-core
(Maven)
Jun 30, 2022
XWiki users registered with email verification can self re-activate their disabled accounts
High
CVE-2021-32620
was published
for
org.xwiki.commons:xwiki-commons-core
(Maven)
May 18, 2021
Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed
High
CVE-2022-4147
was published
for
io.quarkus:quarkus-vertx-http
(Maven)
Dec 6, 2022
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
High
CVE-2022-31167
was published
for
org.xwiki.platform:xwiki-platform-security
(Maven)
Sep 20, 2022
Missing permission checks in Jenkins Sounds Plugin allow OS command execution
High
CVE-2020-2097
was published
for
org.jenkins-ci.plugins:sounds
(Maven)
May 24, 2022
Improper Authorization in Jenkins Core
High
CVE-2019-1003004
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Jenkins Google Compute Engine Plugin Missing Authorization vulnerability
Moderate
CVE-2019-16547
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
May 24, 2022
Jenkins RapidDeploy Plugin missing permission check
Moderate
CVE-2019-16571
was published
for
org.jenkins-ci.plugins:rapiddeploy-jenkins
(Maven)
May 24, 2022
Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin
Moderate
CVE-2020-2188
was published
for
org.jenkins-ci.plugins:ec2
(Maven)
May 24, 2022
Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins
Moderate
CVE-2019-16574
was published
for
com.alauda.jenkins.plugins:alauda-devops-pipeline
(Maven)
May 24, 2022
Privilege escalation in Presto
High
CVE-2020-15087
was published
for
io.prestosql:presto-server
(Maven)
Jun 30, 2020
Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin
Moderate
CVE-2019-10357
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization
Moderate
CVE-2019-10438
was published
for
org.jenkins-ci.plugins:crx-content-package-deployer
(Maven)
May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization
Moderate
CVE-2019-10439
was published
for
org.jenkins-ci.plugins:crx-content-package-deployer
(Maven)
May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization
Moderate
CVE-2019-10469
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API