GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
Moodle IDOR when deleting OAuth2 linked accounts
Moderate
CVE-2024-45690
was published
for
moodle/moodle
(Composer)
Nov 20, 2024
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Moderate
CVE-2024-47825
was published
for
github.com/cilium/cilium
(Go)
Oct 21, 2024
request_store has Incorrect Default Permissions
Moderate
CVE-2024-43791
was published
for
request_store
(RubyGems)
Aug 23, 2024
Kaminari Insecure File Permissions Vulnerability
Moderate
CVE-2024-32978
was published
for
kaminari
(RubyGems)
May 28, 2024
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Moderate
CVE-2024-28862
was published
for
rotp
(RubyGems)
Mar 18, 2024
Phone information disclosure vulnerability
Moderate
CVE-2024-22889
was published
for
Plone
(pip)
Mar 6, 2024
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
Apache Superset has Incorrect Default Permissions
Moderate
CVE-2023-42501
was published
for
apache-superset
(pip)
Nov 27, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
Moderate
CVE-2023-32996
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
Jenkins AppSpider Plugin missing permission check
Moderate
CVE-2023-32999
was published
for
com.rapid7:jenkinsci-appspider-plugin
(Maven)
May 16, 2023
PowerJob vulnerable to Insecure Permissions
Moderate
CVE-2023-29923
was published
for
tech.powerjob:powerjob
(Maven)
Apr 19, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3101
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3146
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
cilium-agent container can access the host via `hostPath` mount
Moderate
CVE-2023-27593
was published
for
github.com/cilium/cilium
(Go)
Mar 17, 2023
Moodle has Incorrect Default Permissions
Moderate
CVE-2021-36397
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
Moodle has Incorrect Default Permissions
Moderate
CVE-2021-36400
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions
Moderate
CVE-2023-23850
was published
for
org.jenkins-ci.plugins:synopsys-coverity
(Maven)
Feb 15, 2023
CSRF vulnerability in Jenkins Coverity Plugin allow capturing credentials
Moderate
CVE-2023-23848
was published
for
org.jenkins-ci.plugins:synopsys-coverity
(Maven)
Feb 15, 2023
Incorrect permission checks in Jenkins Support Core Plugin
Moderate
CVE-2022-45383
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Nov 16, 2022
Incorrect Default Permissions in Liferay Portal
Moderate
CVE-2022-42127
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Incorrect Default Permissions in Liferay Portal
Moderate
CVE-2022-42128
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Incorrect Default Permissions in Liferay Portal
Moderate
CVE-2022-42130
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
parse-server's session object properties can be updated by foreign user if object ID is known
Moderate
CVE-2022-39225
was published
for
parse-server
(npm)
Sep 21, 2022
ansible-runner has default temporary files written to world R/W locations
Moderate
CVE-2021-3701
was published
for
ansible-runner
(pip)
Aug 24, 2022
ProTip!
Advisories are also available from the
GraphQL API