Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,049
Erlang
29
GitHub Actions
18
Go
1,871
Maven
5,000+
npm
3,597
NuGet
638
pip
3,198
Pub
10
RubyGems
852
Rust
809
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,542 advisories

An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files... High Unreviewed
CVE-2019-18383 was published May 24, 2022
Missing permission check in Jenkins Rundeck Plugin Moderate
CVE-2019-10455 was published for org.jenkins-ci.plugins:rundeck (Maven) May 24, 2022
Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin Moderate
CVE-2019-10457 was published for org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute-classic (Maven) May 24, 2022
Jenkins iceScrum Plugin vulnerable to Missing Authorization Moderate
CVE-2019-10442 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Missing permission checks in Google Kubernetes Engine Jenkins Plugin Moderate
CVE-2019-10445 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization Moderate
CVE-2019-10439 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization Moderate
CVE-2019-10438 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the... High Unreviewed
CVE-2019-12944 was published May 24, 2022
In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a... Moderate Unreviewed
CVE-2019-2110 was published May 24, 2022
SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform... Moderate Unreviewed
CVE-2019-0367 was published May 24, 2022
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel... Low Unreviewed
CVE-2019-17055 was published May 24, 2022
In the settings UI, there is a possible spoofing vulnerability due to a missing permission check.... Moderate Unreviewed
CVE-2019-9380 was published May 24, 2022
In FingerprintService, there is a possible bypass for operating system protections that isolate... Low Unreviewed
CVE-2019-9377 was published May 24, 2022
In SyncStatusObserver, there is a possible bypass for operating system protections that isolate... Low Unreviewed
CVE-2019-9351 was published May 24, 2022
In the Wallpaper Manager service, there is a possible information disclosure due to a missing... Moderate Unreviewed
CVE-2019-9323 was published May 24, 2022
MediaWiki information disclosure Moderate
CVE-2019-16738 was published for mediawiki/core (Composer) May 24, 2022
Missing permission check in Jenkins Project Inheritance Plugin Moderate
CVE-2019-10409 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala. High Unreviewed
CVE-2019-16236 was published May 24, 2022
Total.js CMS Unauthorized Access High
CVE-2019-15953 was published for total4 (npm) May 24, 2022
Total.js CMS RCE Vulnerability Critical
CVE-2019-15954 was published for total4 (npm) May 24, 2022
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The... High Unreviewed
CVE-2019-11248 was published May 24, 2022
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before... Moderate Unreviewed
CVE-2019-8445 was published May 24, 2022
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their... Moderate Unreviewed
CVE-2019-13013 was published May 24, 2022
In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a... Moderate Unreviewed
CVE-2019-2137 was published May 24, 2022
The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition... High Unreviewed
CVE-2019-15136 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API