GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,542 advisories
An issue was discovered on TerraMaster FS-210 4.0.19 devices. One can download backup files...
High | Unreviewed | CVE-2019-18383 was published May 24, 2022
Missing permission check in Jenkins Rundeck Plugin
Moderate | CVE-2019-10455 was published for org.jenkins-ci.plugins:rundeck (Maven) May 24, 2022
Missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin
Moderate | CVE-2019-10457 was published for org.jenkins-ci.plugins:oracle-cloud-infrastructure-compute-classic (Maven) May 24, 2022
Jenkins iceScrum Plugin vulnerable to Missing Authorization
Moderate | CVE-2019-10442 was published for org.jenkins-ci.plugins:icescrum (Maven) May 24, 2022
Missing permission checks in Google Kubernetes Engine Jenkins Plugin
Moderate | CVE-2019-10445 was published for org.jenkins-ci.plugins:google-kubernetes-engine (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to credentials enumeration via Missing Authorization
Moderate | CVE-2019-10439 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Jenkins CRX Content Package Deployer Plugin subject to Missing Authorization
Moderate | CVE-2019-10438 was published for org.jenkins-ci.plugins:crx-content-package-deployer (Maven) May 24, 2022
Glue Smart Lock 2.7.8 devices do not properly block guest access in certain situations where the...
High | Unreviewed | CVE-2019-12944 was published May 24, 2022
In ScreenRotationAnimation of ScreenRotationAnimation.java, there is a possible capture of a...
Moderate | Unreviewed | CVE-2019-2110 was published May 24, 2022
SAP NetWeaver Process Integration (B2B Toolkit), before versions 1.0 and 2.0, does not perform...
Moderate | Unreviewed | CVE-2019-0367 was published May 24, 2022
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel...
Low | Unreviewed | CVE-2019-17055 was published May 24, 2022
In the settings UI, there is a possible spoofing vulnerability due to a missing permission check....
Moderate | Unreviewed | CVE-2019-9380 was published May 24, 2022
In FingerprintService, there is a possible bypass for operating system protections that isolate...
Low | Unreviewed | CVE-2019-9377 was published May 24, 2022
In SyncStatusObserver, there is a possible bypass for operating system protections that isolate...
Low | Unreviewed | CVE-2019-9351 was published May 24, 2022
In the Wallpaper Manager service, there is a possible information disclosure due to a missing...
Moderate | Unreviewed | CVE-2019-9323 was published May 24, 2022
MediaWiki information disclosure
Moderate | CVE-2019-16738 was published for mediawiki/core (Composer) May 24, 2022
Missing permission check in Jenkins Project Inheritance Plugin
Moderate | CVE-2019-10409 was published for hudson.plugins:project-inheritance (Maven) May 24, 2022
Dino before 2019-09-10 does not check roster push authorization in module/roster/module.vala.
High | Unreviewed | CVE-2019-16236 was published May 24, 2022
The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The...
High | Unreviewed | CVE-2019-11248 was published May 24, 2022
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before...
Moderate | Unreviewed | CVE-2019-8445 was published May 24, 2022
Little Snitch versions 4.3.0 to 4.3.2 have a local privilege escalation vulnerability in their...
Moderate | Unreviewed | CVE-2019-13013 was published May 24, 2022
In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a...
Moderate | Unreviewed | CVE-2019-2137 was published May 24, 2022
The Access Control plugin in eProsima Fast RTPS through 1.9.0 does not check partition...
High | Unreviewed | CVE-2019-15136 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.