GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
180 advisories
Filter by severity
Incorrect access control in typo3_forum
Moderate
CVE-2020-15513
was published
for
mittwald/typo3_forum
(Composer)
Jul 29, 2020
Authorization Bypass in I hate money
Moderate
CVE-2020-15120
was published
for
ihatemoney
(pip)
Jul 27, 2020
Ignition config accessible to unprivileged software on VMware
Moderate
CVE-2022-1706
was published
for
github.com/coreos/ignition
(Go)
May 25, 2022
Keycloak has lack of validation of access token on client registrations endpoint
Moderate
CVE-2023-0091
was published
for
org.keycloak:keycloak-core
(Maven)
Jan 12, 2023
Improper Authorization in grumpydictator/firefly-iii
Moderate
CVE-2023-0298
was published
for
grumpydictator/firefly-iii
(Composer)
Jan 14, 2023
parse-server new anonymous user session acts as if it's created with password
Moderate
CVE-2021-39138
was published
for
parse-server
(npm)
Aug 23, 2021
Incorrect Authorization in cross-fetch
Moderate
CVE-2022-1365
was published
for
cross-fetch
(npm)
Apr 17, 2022
Incorrect Authorization in Jenkins
Moderate
CVE-2017-2599
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Incorrect Authorization in Undertow
Moderate
CVE-2017-12196
was published
for
io.undertow:undertow-core
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins
Moderate
CVE-2018-1999047
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Incorrect Authorization in Jenkins Git Plugin
Moderate
CVE-2018-1000110
was published
for
org.jenkins-ci.plugins:git
(Maven)
May 13, 2022
Permissions not properly checked in Invenio-Drafts-Resources
Moderate
CVE-2021-43781
was published
for
invenio-app-rdm
(pip)
Dec 6, 2021
Duplicate advisory: Configuration exposure in github.com/coreos/ignition
Moderate
GHSA-mjqc-5c9x-xfcc
was published
for
github.com/coreos/ignition/v2
(Go)
May 18, 2022
•
withdrawn
Encoded URIs can access WEB-INF directory in Eclipse Jetty
Moderate
CVE-2021-34429
was published
for
org.eclipse.jetty:jetty-webapp
(Maven)
Jul 19, 2021
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4194
was published
for
ssddanbrown/bookstack
(Composer)
Jan 8, 2022
Android WebView Universal Cross-site Scripting
Moderate
CVE-2020-6506
was published
for
react-native-webview
(npm)
Oct 2, 2020
Incorrect Authorization in MySQL Connector Java
Moderate
CVE-2021-2471
was published
for
mysql:mysql-connector-java
(Maven)
May 24, 2022
Access control issue in AlekSIS-Core
Moderate
CVE-2022-29773
was published
for
aleksis-core
(pip)
Jun 4, 2022
Incorrect Authorization in thinkcmf
Moderate
CVE-2021-40616
was published
for
thinkcmf/thinkcmf
(Composer)
Jun 15, 2022
NT auth module vulnerability in OpenAM
Moderate
CVE-2022-34298
was published
for
org.openidentityplatform.openam:openam-core
(Maven)
Jun 24, 2022
OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
Moderate
CVE-2022-31153
was published
for
openzeppelin-cairo-contracts
(pip)
Jul 15, 2022
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2022-0731
was published
for
dolibarr/dolibarr
(Composer)
Feb 24, 2022
Incorrect Authorization in Jenkins requests-plugin
Moderate
CVE-2022-34782
was published
for
org.jenkins-ci.plugins:requests
(Maven)
Jul 1, 2022
Incorrect Authorization in Jenkins Request Rename Or Delete Plugin
Moderate
CVE-2022-34814
was published
for
org.jenkins-ci.plugins:rrod
(Maven)
Jul 1, 2022
Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-22134
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
ProTip!
Advisories are also available from the
GraphQL API