Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

196 advisories

Loading
Ignition config accessible to unprivileged software on VMware Moderate
CVE-2022-1706 was published for github.com/coreos/ignition (Go) May 25, 2022
jonaz bgilbert
Incorrect Authorization in MySQL Connector Java Moderate
CVE-2021-2471 was published for mysql:mysql-connector-java (Maven) May 24, 2022
Magento Improper Authorization vulnerability in the customers module Moderate
CVE-2021-28567 was published for magento/community-edition (Composer) May 24, 2022
Xen Orchestra Mishandles Authorization Moderate
CVE-2021-36383 was published for xo-server (npm) May 24, 2022
Improper permission checks allow canceling queue items and aborting builds in Jenkins Moderate
CVE-2021-21670 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials Moderate
CVE-2021-21664 was published for com.xebialabs.deployit.ci:deployit-plugin (Maven) May 24, 2022
NotMyFault
Istio Authorization Bypass Vulnerability Moderate
CVE-2021-31920 was published for istio.io/istio (Go) May 24, 2022 withdrawn
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs Moderate
CVE-2021-21643 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items Moderate
CVE-2021-21624 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 24, 2022
NotMyFault
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items Moderate
CVE-2021-21623 was published for org.jenkins-ci.plugins:matrix-auth (Maven) May 24, 2022
NotMyFault
Moodle Bypass email verification secret when confirming account registration Moderate
CVE-2021-20282 was published for moodle/moodle (Composer) May 24, 2022
Missing permission check in Moodle Moderate
CVE-2021-20283 was published for moodle/moodle (Composer) May 24, 2022
Missing permission check for paths with specific prefix in Jenkins Moderate
CVE-2021-21609 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
WooCommerce Incorrect Authorization Moderate
CVE-2020-29156 was published for woocommerce/woocommerce (Composer) May 24, 2022
Magento 2 Community Edition Incorrect Authorization Moderate
CVE-2020-24401 was published for magento/community-edition (Composer) May 24, 2022
Incorrect permission check in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2258 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault
Missing permission check in Jenkins Pipeline Maven Integration Plugin allows enumerating credentials IDs Moderate
CVE-2020-2233 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
NotMyFault
Magento security mitigation bypass vulnerability Moderate
CVE-2020-9692 was published for magento/community-edition (Composer) May 24, 2022
Users with Overall/Read access can enumerate credentials IDs in Amazon EC2 Plugin Moderate
CVE-2020-2188 was published for org.jenkins-ci.plugins:ec2 (Maven) May 24, 2022
NotMyFault
Missing permission checks in Mac Plugin Moderate
CVE-2020-2148 was published for fr.edf.jenkins.plugins:mac (Maven) May 24, 2022
NotMyFault
Memory usage graphs accessible to anyone with Overall/Read Moderate
CVE-2020-2104 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Duplicate advisory: Configuration exposure in github.com/coreos/ignition Moderate
GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go) May 18, 2022 withdrawn
Plone's authenticated users able to alter their password despite of policy definition Moderate
CVE-2013-4198 was published for Plone (pip) May 17, 2022
Publify exposes article metadata Moderate
CVE-2022-1553 was published for publify_core (RubyGems) May 17, 2022
Publify Incorrect Authorization Moderate
CVE-2022-0574 was published for publify_core (RubyGems) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database