Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

305 advisories

Loading
Moderate severity vulnerability that affects org.apache.ranger:ranger Moderate
CVE-2017-7677 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc Moderate
CVE-2018-1314 was published for org.apache.hive:hive-jdbc (Maven) Nov 21, 2018
Access control bypass in Apache ZooKeeper Moderate
CVE-2019-0201 was published for org.apache.zookeeper:zookeeper (Maven) May 29, 2019
Missing Authorization in Drupal Moderate
CVE-2017-6923 was published for drupal/core (Composer) Oct 10, 2019
Ability to change order address without triggering address validations in solidus Moderate
CVE-2020-15109 was published for solidus_api (RubyGems) Aug 4, 2020
mamhoff kennyadsl
Privilege Escalation in Channelmgnt plug-in for Sopel Moderate
CVE-2020-15251 was published for sopel-plugins-channelmgnt (pip) Oct 13, 2020
RhinosF1
Ability to switch customer email address on account detail page and stay verified Moderate
CVE-2020-15245 was published for sylius/sylius (Composer) Oct 19, 2020
decemvre
Twig Sandbox Escape by authenticated users with access to editing CMS templates when safemode is enabled. Moderate
CVE-2020-15247 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible Moderate
CVE-2020-10684 was published for ansible (pip) Apr 7, 2021
Bypass of fix for CVE-2020-26231, Twig sandbox escape Moderate
CVE-2021-21264 was published for october/cms (Composer) May 4, 2021
Authenticated users can exploit an enumeration vulnerability in Harbor Moderate
CVE-2020-13794 was published for github.com/goharbor/harbor (Go) May 24, 2021
Missing Authorization in Jenkins Kubernetes CLI Plugin Moderate
CVE-2021-21661 was published for org.jenkins-ci.plugins:kubernetes-cli (Maven) Jun 16, 2021
Missing Authorization in Jenkins S3 publisher Plugin Moderate
CVE-2021-21650 was published for org.jenkins-ci.plugins:s3 (Maven) Jun 16, 2021
westonsteimel
Missing Authorization in Jenkins S3 publisher Plugin Moderate
CVE-2021-21651 was published for org.jenkins-ci.plugins:s3 (Maven) Jun 16, 2021
westonsteimel
Missing Authorization in jenkins xray-connector Moderate
CVE-2021-21653 was published for org.jenkins-ci.plugins:xray-connector (Maven) Jun 16, 2021
Missing Authorization in Jenkins P4 plugin Moderate
CVE-2021-21654 was published for org.jenkins-ci.plugins:p4 (Maven) Jun 16, 2021
NotMyFault
Missing Authorization in TYPO3 extension Moderate
CVE-2020-12698 was published for directmailteam/direct-mail (Composer) Jul 26, 2021
Missing Authorization in TYPO3 extension Moderate
CVE-2020-12700 was published for directmailteam/direct-mail (Composer) Jul 26, 2021
Missing Authorization in Apache Airflow Moderate
CVE-2021-35936 was published for apache-airflow (pip) Aug 30, 2021
sunSUNQ
Exposure of sensitive information in Elasticsearch Moderate
CVE-2021-22147 was published for org.elasticsearch:elasticsearch (Maven) Sep 20, 2021
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API Moderate
CVE-2021-39184 was published for electron (npm) Oct 12, 2021
nornagon
Permissions not properly checked in Invenio-Drafts-Resources Moderate
CVE-2021-43781 was published for invenio-app-rdm (pip) Dec 6, 2021
lnielsen
snipe-it is vulnerable to Improper Access Control Moderate
CVE-2021-4089 was published for snipe/snipe-it (Composer) Dec 16, 2021
Missing Authorization in DayByDay CRM Moderate
CVE-2022-22108 was published for bottelet/flarepoint (Composer) Jan 8, 2022
ProTip! Advisories are also available from the GraphQL API