GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
95 advisories
Filter by severity
Users with ROLE_COURSE_ADMIN can create new users in Opencast
Moderate
CVE-2020-5231
was published
for
org.opencastproject:opencast-kernel
(Maven)
Jan 30, 2020
2FA bypass through deleting devices in wagtail-2fa
Moderate
CVE-2020-5240
was published
for
wagtail-2fa
(pip)
Mar 13, 2020
Unauthorized privilege escalation in Mod module
Moderate
CVE-2020-15278
was published
for
red-discordbot
(pip)
Oct 27, 2020
Publify `guest` role users can self-register even when the admin does not allow it
Moderate
CVE-2021-25973
was published
for
publify_core
(RubyGems)
Nov 3, 2021
Arbitrary File Override in Docker Engine
Moderate
CVE-2015-3631
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Access Restriction Bypass in Docker
Moderate
CVE-2014-6408
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Improper Authorization in cobbler
Moderate
CVE-2022-0860
was published
for
cobbler
(pip)
Mar 11, 2022
Privilege escalation for users with create/update permissions in Global Roles in Rancher
Moderate
CVE-2021-36784
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
Improper authorization in Jenkins Job and Node Ownership Plugin
Moderate
CVE-2018-1000107
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
May 13, 2022
Improper Authorization in Jenkins
Moderate
CVE-2018-1000408
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin
Moderate
CVE-2019-10357
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps-global-lib
(Maven)
May 24, 2022
Missing Authorization in Jenkins Configuration as Code Plugin
Moderate
CVE-2019-10344
was published
for
io.jenkins:configuration-as-code
(Maven)
May 24, 2022
Magento Insufficient authorization check when adding users to company accounts
Moderate
CVE-2019-7872
was published
for
magento/community-edition
(Composer)
May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization
Moderate
CVE-2019-10438
was published
for
org.jenkins-ci.plugins:crx-content-package-deployer
(Maven)
May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization
Moderate
CVE-2019-10439
was published
for
org.jenkins-ci.plugins:crx-content-package-deployer
(Maven)
May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization
Moderate
CVE-2019-10469
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration
Moderate
CVE-2019-10470
was published
for
com.elasticbox.jenkins-ci.plugins:kubernetes-ci
(Maven)
May 24, 2022
Jenkins Google Compute Engine Plugin Missing Authorization vulnerability
Moderate
CVE-2019-16547
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
May 24, 2022
Missing permission check in Jenkins Gerrit Trigger Plugin
Moderate
CVE-2019-16552
was published
for
com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger
(Maven)
May 24, 2022
Jenkins RapidDeploy Plugin missing permission check
Moderate
CVE-2019-16571
was published
for
org.jenkins-ci.plugins:rapiddeploy-jenkins
(Maven)
May 24, 2022
Jenkins Alauda DevOps Pipeline Plugin allows attackers with Overall/Read permission to capture credentials stored in Jenkins
Moderate
CVE-2019-16574
was published
for
com.alauda.jenkins.plugins:alauda-devops-pipeline
(Maven)
May 24, 2022
Memory usage graphs accessible to anyone with Overall/Read
Moderate
CVE-2020-2104
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Users with Overall/Read access can enumerate credential IDs in Pipeline GitHub Notify Step Plugin
Moderate
CVE-2020-2118
was published
for
org.jenkins-ci.plugins:pipeline-build-step
(Maven)
May 24, 2022
Missing permission checks in Mac Plugin
Moderate
CVE-2020-2148
was published
for
fr.edf.jenkins.plugins:mac
(Maven)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API