Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD> High
GHSA-34qg-65m4-f23m was published for froxlor/froxlor (Composer) Aug 23, 2024
hardfalcon
Kubean vulnerable to cluster-level privilege escalation Moderate
CVE-2024-41820 was published for github.com/kubean-io/kubean (Go) Aug 5, 2024
younaman
snapd failed to restrict writes to the $HOME/bin path Moderate
CVE-2024-1724 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources High
CVE-2021-25318 was published for github.com/rancher/rancher (Go) Apr 24, 2024
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities Moderate
CVE-2022-24769 was published for github.com/docker/docker (Go) Apr 22, 2024
AndrewGMorgan
WiX based installers are vulnerable to binary hijack when run as SYSTEM High
CVE-2024-29187 was published for WixToolset.Sdk (NuGet) Mar 25, 2024
KNaceri rohitmothe
Apache Solr Schema Designer blindly "trusts" all configsets Low
CVE-2023-50292 was published for org.apache.solr:solr-core (Maven) Feb 9, 2024
Spring Security's spring-security.xsd file is world writable Moderate
CVE-2023-34042 was published for org.springframework.security:spring-security-config (Maven) Feb 6, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory Moderate
CVE-2021-41091 was published for github.com/docker/docker (Go) Jan 31, 2024
joanbm AlonZa
neersighted
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Spring Cloud Contract vulnerable to local information disclosure Low
CVE-2024-22236 was published for org.springframework.cloud:spring-cloud-contract-shade (Maven) Jan 31, 2024
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter Moderate
CVE-2023-48714 was published for silverstripe/framework (Composer) Jan 23, 2024
Local Privilege Escalation in Windows High
CVE-2023-49797 was published for pyinstaller (pip) Dec 9, 2023
xxl-job-admin vulnerable to Insecure Permissions Moderate
CVE-2023-48087 was published for com.xuxueli:xxl-job-admin (Maven) Nov 15, 2023
Decidim has broken access control in templates High
CVE-2023-36465 was published for decidim (RubyGems) Oct 5, 2023
andreslucena
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability High
CVE-2023-5077 was published for github.com/hashicorp/vault (Go) Sep 29, 2023
Cargo not respecting umask when extracting crate archives High
CVE-2023-38497 was published for cargo (Rust) Aug 3, 2023
addisoncrump pietroalbini
weihanglo ehuss cuviper Manishearth
Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability High
CVE-2023-31453 was published for org.apache.inlong:manager-service (Maven) Jul 6, 2023
Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource High
CVE-2023-31454 was published for org.apache.inlong:manager-service (Maven) Jul 6, 2023
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin Moderate
CVE-2023-35147 was published for org.jenkins-ci.plugins:aws-codecommit-trigger (Maven) Jun 14, 2023
Insecure Temporary File in HuTool High
CVE-2023-33695 was published for cn.hutool:hutool-core (Maven) Jun 13, 2023
Jenkins File Parameter Plugin arbitrary file write vulnerability High
CVE-2023-32986 was published for io.jenkins.plugins:file-parameters (Maven) May 16, 2023
Jenkins Tag Profiler Plugin missing permission check Moderate
CVE-2023-33004 was published for org.jenkins-ci.plugins:tag-profiler (Maven) May 16, 2023
Jenkins Email Extension Plugin missing permission check Moderate
CVE-2023-32979 was published for org.jenkins-ci.plugins:email-ext (Maven) May 16, 2023
Jenkins Azure VM Agents Plugin missing permission checks Moderate
CVE-2023-32990 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 16, 2023
ProTip! Advisories are also available from the GraphQL API