GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
54 advisories
Filter by severity
Doorkeeper subject to Incorrect Permission Assignment
High
CVE-2018-1000211
was published
for
doorkeeper
(RubyGems)
Aug 13, 2018
Improper Access Control in Shopware
High
CVE-2022-24872
was published
for
shopware/core
(Composer)
Apr 22, 2022
Incorrect Permission Assignment for Critical Resource in NPM
High
CVE-2018-7408
was published
for
npm
(npm)
May 13, 2022
Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication
High
CVE-2022-39219
was published
for
github.com/brokercap/Bifrost
(Go)
Sep 27, 2022
Exposure of Sensitive Information to an Unauthorized Actor
High
CVE-2021-32717
was published
for
shopware/platform
(Composer)
Sep 8, 2021
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
High
CVE-2022-2995
was published
for
github.com/cri-o/cri-o
(Go)
Sep 20, 2022
High severity vulnerability that affects org.scala-lang:scala-compiler
High
CVE-2017-15288
was published
for
org.scala-lang:scala-compiler
(Maven)
Oct 19, 2018
Code injection in Apache Druid
High
CVE-2021-25646
was published
for
org.apache.druid:druid
(Maven)
Jun 16, 2021
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
High
CVE-2020-25039
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Insecure permissions on build temporary rootfs in Singularity
High
CVE-2020-25040
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2021
Insecure Inherited Permissions in neoan3-apps/template
High
CVE-2021-41170
was published
for
neoan3-apps/template
(Composer)
Nov 10, 2021
raspap-webgui in RaspAP 2.6.6 allows attackers to execute commands as root because of the insecure sudoers permissions.
High
CVE-2021-38557
was published
for
billz/raspap-webgui
(Composer)
Sep 2, 2021
Insecure Permissions issue in jeecg-boot
High
CVE-2021-37305
was published
for
org.jeecgframework.boot:jeecg-boot-base
(Maven)
Feb 3, 2023
Insecure Permissions issue in jeecg-boot
High
CVE-2021-37304
was published
for
org.jeecgframework.boot:jeecg-boot-base
(Maven)
Feb 3, 2023
Insecure Permissions issue in jeecg-boot
High
CVE-2021-37306
was published
for
org.jeecgframework.boot:jeecg-boot-base
(Maven)
Feb 3, 2023
Incorrect Access Control in Phusion Passenger
High
CVE-2018-12028
was published
for
passenger
(RubyGems)
May 13, 2022
Talos worker join token can be used to get elevated access level to the Talos API
High
CVE-2022-36103
was published
for
github.com/talos-systems/talos
(Go)
Sep 16, 2022
Apache ShenYu Admin has insecure permissions
High
CVE-2022-37435
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Sep 2, 2022
Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management
High
CVE-2020-1742
was published
for
github.com/nmstate/kubernetes-nmstate
(Go)
May 24, 2022
•
withdrawn
Ruby_parser-legacy Incorrect Permission Assignment for Critical Resource
High
CVE-2019-18409
was published
for
ruby_parser-legacy
(RubyGems)
Oct 25, 2019
Incorrect Permission Assignment for Critical Resource in Singularity
High
CVE-2019-11328
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
MODX Revolution Incorrect Access Control vulnerability
High
CVE-2018-1000207
was published
for
modx/revolution
(Composer)
May 13, 2022
Statamic framework Incorrect Permission Assignment
High
CVE-2017-11422
was published
for
statamic/cms
(Composer)
May 13, 2022
Decidim has broken access control in templates
High
CVE-2023-36465
was published
for
decidim
(RubyGems)
Oct 5, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
High
CVE-2023-32992
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
ProTip!
Advisories are also available from the
GraphQL API