GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

252 advisories

Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration Moderate
CVE-2019-10470 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization Moderate
CVE-2019-10469 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization Moderate
CVE-2019-10439 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization Moderate
CVE-2019-10438 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Magento Insufficient authorization check when adding users to company accounts Moderate
CVE-2019-7872 was published for magento/community-edition (Composer) May 24, 2022
Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin Moderate
CVE-2019-10357 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) May 24, 2022
Credited to dbolkensteyn
Missing Authorization in Jenkins Configuration as Code Plugin Moderate
CVE-2019-10344 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022
Moodle all messaging conversations could be viewed High
CVE-2019-10154 was published for moodle/moodle (Composer) May 24, 2022
Credited to MarkLee131
Authorization bypass in Spring Security Critical
CVE-2022-22978 was published for org.springframework.security:spring-security-core (Maven) May 20, 2022
Credited to secjoker and moon2263
Improper Authorization in Jenkins Moderate
CVE-2018-1000408 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper authorization in Jenkins Job and Node Ownership Plugin Moderate
CVE-2018-1000107 was published for com.synopsys.jenkinsci:ownership (Maven) May 13, 2022
Improper Authorization in Apache Xalan-Java High
CVE-2014-0107 was published for xalan:xalan (Maven) May 13, 2022
Improper Authorization in Jenkins Core High
CVE-2019-1003004 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Authorization in Jenkins Core High
CVE-2019-1003003 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Credited to sunSUNQ
Privilege escalation for users with create/update permissions in Global Roles in Rancher Moderate
CVE-2021-36784 was published for github.com/rancher/rancher (Go) May 2, 2022
Write access to the catalog for any user when restricted-admin role is enabled in Rancher High
CVE-2021-4200 was published for github.com/rancher/rancher (Go) May 2, 2022
go.etcd.io/etcd Authentication Bypass High
CVE-2018-16886 was published for go.etcd.io/etcd (Go) Apr 12, 2022
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
Improper Authorization in cobbler Moderate
CVE-2022-0860 was published for cobbler (pip) Mar 11, 2022
Credited to ysf
Improper Authorization in librenms High
CVE-2022-0587 was published for librenms/librenms (Composer) Feb 16, 2022
Reject unauthorized access with GitHub PATs High
CVE-2021-21432 was published for github.com/go-vela/server (Go) Feb 15, 2022
Credited to JordanSussman
Arbitrary File Override in Docker Engine Moderate
CVE-2015-3631 was published for github.com/docker/docker (Go) Feb 15, 2022
Credited to neersighted
Information Exposure in Docker Engine High
CVE-2015-3630 was published for github.com/docker/docker (Go) Feb 15, 2022
Credited to neersighted
Arbitrary Code Execution High
CVE-2014-9357 was published for github.com/docker/docker (Go) Feb 15, 2022
Access Restriction Bypass in Docker Moderate
CVE-2014-6408 was published for github.com/docker/docker (Go) Feb 15, 2022