Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

199 advisories

Loading
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24192 was published May 24, 2022
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure... High Unreviewed
CVE-2020-27779 was published May 24, 2022
Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials High
CVE-2020-2234 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
NotMyFault
A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could... High Unreviewed
CVE-2020-3267 was published May 24, 2022
Improper Authorization in Undertoe High
CVE-2020-1745 was published for io.undertow:undertow-core (Maven) May 24, 2022
Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials High
CVE-2020-2117 was published for org.jenkins-ci.plugins:pipeline-githubnotify-step (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Sounds Plugin allow OS command execution High
CVE-2020-2097 was published for org.jenkins-ci.plugins:sounds (Maven) May 24, 2022
NotMyFault
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker... High Unreviewed
CVE-2019-12671 was published May 24, 2022
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA)... High Unreviewed
CVE-2019-1934 was published May 24, 2022
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). High Unreviewed
CVE-2018-20945 was published May 24, 2022
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). High Unreviewed
CVE-2016-10848 was published May 24, 2022
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). High Unreviewed
CVE-2016-10859 was published May 24, 2022
An issue was discovered in PrinterOn Central Print Services (CPS) through 4.1.4. The core... High Unreviewed
CVE-2018-17210 was published May 24, 2022
GitLab EE, versions 8.3 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, is... High Unreviewed
CVE-2018-19581 was published May 24, 2022
GitLab CE/EE, versions 8.8 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1,... High Unreviewed
CVE-2018-19569 was published May 24, 2022
The provided secure solrconfig.xml sample configuration does not enforce Sentry authorization on ... High Unreviewed
CVE-2017-9325 was published May 24, 2022
An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to... High Unreviewed
CVE-2017-8409 was published May 24, 2022
Moodle all messaging conversations could be viewed High
CVE-2019-10154 was published for moodle/moodle (Composer) May 24, 2022
MarkLee131
Truncated access authentication token leads to weakened access control for stored secure... High Unreviewed
CVE-2018-13908 was published May 24, 2022
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a),... High Unreviewed
CVE-2019-6581 was published May 24, 2022
A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a),... High Unreviewed
CVE-2019-6582 was published May 24, 2022
An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5... High Unreviewed
CVE-2018-13382 was published May 24, 2022
Open-Xchange GmbH OX Cloud Plugins 1.4.0 and earlier is affected by: Missing Authorization. High Unreviewed
CVE-2017-8777 was published May 24, 2022
A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches... High Unreviewed
CVE-2019-1859 was published May 24, 2022
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon... High Unreviewed
CVE-2016-4531 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database