GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,645
Maven: 5,000+
npm: 4,271
NuGet: 760
pip: 4,065
Pub: 12
RubyGems: 957
Rust: 1,057
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

2,860 advisories

A Local Privilege Escalation issue was discovered in Avast Secure Browser 76.0.1659.101. The...
High | Unreviewed | CVE-2019-17190 was published May 24, 2022

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip...
Moderate | Unreviewed | CVE-2020-5194 was published May 24, 2022

An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) 5.1 through...
Low | Unreviewed | CVE-2020-5197 was published May 24, 2022

An Improper Authorization - CWE-285 vulnerability exists in EcoStruxure™ Control Expert V14.0 and...
High | Unreviewed | CVE-2019-6855 was published May 24, 2022

IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which...
Moderate | Unreviewed | CVE-2019-4343 was published May 24, 2022

Pandora FMS 7.x suffers from remote code execution vulnerability. With an authenticated user who...
High | Unreviewed | CVE-2019-19681 was published May 24, 2022

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all...
Moderate | Unreviewed | CVE-2019-11294 was published May 24, 2022

This improper access control vulnerability allows remote attackers to gain unauthorized access to...
High | Unreviewed | CVE-2019-7192 was published May 24, 2022

In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
High | Unreviewed | CVE-2016-4572 was published May 24, 2022

Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
Moderate | Unreviewed | CVE-2016-3131 was published May 24, 2022

Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an...
Moderate | Unreviewed | CVE-2019-5879 was published May 24, 2022

Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed...
Moderate | Unreviewed | CVE-2019-13716 was published May 24, 2022

Incorrect Authorization in Jenkins Script Security Plugin
High | CVE-2019-16538 was published for org.jenkins-ci.plugins:script-security (Maven), May 24, 2022

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper...
Moderate | Unreviewed | CVE-2019-5231 was published May 24, 2022

A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601)...
Moderate | Unreviewed | CVE-2018-18819 was published May 24, 2022

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter...
Moderate | Unreviewed | CVE-2019-5533 was published May 24, 2022

This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint ...
Moderate | Unreviewed | CVE-2019-6144 was published May 24, 2022

Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical | CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven), May 24, 2022

Keycloak Unauthenticated Access
High | CVE-2019-14832 was published for org.keycloak:keycloak-model-infinispan (Maven), May 24, 2022

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access...
Critical | Unreviewed | CVE-2019-15941 was published May 24, 2022

A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker...
High | Unreviewed | CVE-2019-12671 was published May 24, 2022

A vulnerability in the IOx application environment for Cisco IOS Software could allow an...
High | Unreviewed | CVE-2019-12648 was published May 24, 2022

Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin
Critical | CVE-2019-10418 was published for io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps (Maven), May 24, 2022

Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
Critical | CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven), May 24, 2022

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices,...
Critical | Unreviewed | CVE-2019-14236 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API