GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
Mercurial has Incorrect Permission Assignment for Critical Resource
High
CVE-2017-9462
was published
for
mercurial
(pip)
Jul 13, 2018
Doorkeeper subject to Incorrect Permission Assignment
High
CVE-2018-1000211
was published
for
doorkeeper
(RubyGems)
Aug 13, 2018
Paramiko Authentication Bypass vulnerability
High
CVE-2018-1000805
was published
for
paramiko
(pip)
Oct 10, 2018
High severity vulnerability that affects org.scala-lang:scala-compiler
High
CVE-2017-15288
was published
for
org.scala-lang:scala-compiler
(Maven)
Oct 19, 2018
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource
High
CVE-2019-18409
was published
for
ruby_parser-legacy
(RubyGems)
Oct 25, 2019
Insecure permissions on build temporary rootfs in Singularity
High
CVE-2020-25040
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2021
Code injection in Apache Druid
High
CVE-2021-25646
was published
for
org.apache.druid:druid
(Maven)
Jun 16, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
High
CVE-2021-38557
was published
for
billz/raspap-webgui
(Composer)
Sep 2, 2021
Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2021-32717
was published
for
shopware/platform
(Composer)
Sep 8, 2021
Insecure Inherited Permissions in neoan3-apps/template
High
CVE-2021-41170
was published
for
neoan3-apps/template
(Composer)
Nov 10, 2021
Incorrect Permission Assignment for Critical Resource in Singularity
High
CVE-2019-11328
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
High
CVE-2020-25039
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Improper privilege handling in Apache Accumulo
High
CVE-2020-17533
was published
for
org.apache.accumulo:accumulo-master
(Maven)
Feb 9, 2022
Improper Access Control in Shopware
High
CVE-2022-24872
was published
for
shopware/core
(Composer)
Apr 22, 2022
Statamic framework Incorrect Permission Assignment
High
CVE-2017-11422
was published
for
statamic/cms
(Composer)
May 13, 2022
Podman Elevated Container Privileges
High
CVE-2018-10856
was published
for
github.com/containers/podman
(Go)
May 13, 2022
Arbitrary code execution due to incomplete sandbox protection in Jenkins Pipeline
High
CVE-2017-1000096
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 13, 2022
Arbitrary code execution vulnerability in Jenkins Speaks! Plugin
High
CVE-2017-1000403
was published
for
org.jvnet.hudson.plugins:speaks
(Maven)
May 13, 2022
Jerome Gamez Firebase Admin SDK for PHP Incorrect Access Control vulnerability
High
CVE-2018-1000025
was published
for
kreait/firebase-php
(Composer)
May 13, 2022
LightSAML Incorrect Access Control vulnerability
High
CVE-2018-1000165
was published
for
lightsaml/lightsaml
(Composer)
May 13, 2022
MODX Revolution Incorrect Access Control vulnerability
High
CVE-2018-1000207
was published
for
modx/revolution
(Composer)
May 13, 2022
Incorrect Access Control in Phusion Passenger
High
CVE-2018-12028
was published
for
passenger
(RubyGems)
May 13, 2022
express-cart allows any user to create an admin user
High
CVE-2018-12457
was published
for
express-cart
(npm)
May 13, 2022
Froxlor Incorrect Access Control
High
CVE-2018-12642
was published
for
froxlor/froxlor
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API