Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,286
Erlang
31
GitHub Actions
21
Go
2,058
Maven
5,000+
npm
3,742
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

557 advisories

Loading
Privilege escalation in Presto High
CVE-2020-15087 was published for io.prestosql:presto-server (Maven) Jun 30, 2020
Authorization bypass in express-jwt High
CVE-2020-15084 was published for express-jwt (npm) Jun 30, 2020
Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins Moderate
CVE-2019-16574 was published for com.alauda.jenkins.plugins:alauda-devops-pipeline (Maven) May 24, 2022
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI... Critical Unreviewed
CVE-2015-5463 was published May 14, 2022
Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable... High Unreviewed
CVE-2021-39317 was published May 24, 2022
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its... High Unreviewed
CVE-2016-7035 was published May 13, 2022
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive... Moderate Unreviewed
CVE-2016-0373 was published May 13, 2022
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on... Moderate Unreviewed
CVE-2016-9464 was published May 13, 2022
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions... High Unreviewed
CVE-2016-7071 was published May 13, 2022
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's... Moderate Unreviewed
CVE-2016-9575 was published May 13, 2022
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and... Critical Unreviewed
CVE-2015-3954 was published May 13, 2022
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and... High Unreviewed
CVE-2016-1000219 was published May 13, 2022
Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin Moderate
CVE-2020-2188 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions... Moderate Unreviewed
CVE-2018-14662 was published May 13, 2022
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a... Moderate Unreviewed
CVE-2021-42336 was published May 24, 2022
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control.... Moderate Unreviewed
CVE-2021-42331 was published May 24, 2022
TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the... High Unreviewed
CVE-2021-41975 was published May 24, 2022
Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the... Moderate Unreviewed
CVE-2021-41568 was published May 24, 2022
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control.... High Unreviewed
CVE-2021-42330 was published May 24, 2022
The “List View” function of ShinHer StudyOnline System is not under authority control. After... Moderate Unreviewed
CVE-2021-42332 was published May 24, 2022
Privilege escalation for users with create/update permissions in Global Roles in Rancher Moderate
CVE-2021-36784 was published for github.com/rancher/rancher (Go) May 2, 2022
Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. High Unreviewed
CVE-2022-2901 was published Sep 7, 2022
Jenkins RapidDeploy Plugin missing permission check Moderate
CVE-2019-16571 was published for org.jenkins-ci.plugins:rapiddeploy-jenkins (Maven) May 24, 2022
Jenkins Google Compute Engine Plugin Missing Authorization vulnerability Moderate
CVE-2019-16547 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary... High Unreviewed
CVE-2021-40502 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database