GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,958
Erlang: 29
GitHub Actions: 16
Go: 1,745
Maven: 4,971
npm: 3,507
NuGet: 609
pip: 3,066
Pub: 10
RubyGems: 832
Rust: 780
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
2,411 advisories
Customizing functionality of SAP NetWeaver AS ABAP Platform (fixed in versions from 7.0 to 7.02,...
High | Unreviewed | CVE-2019-0257 was published May 13, 2022

Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 ...
High | Unreviewed | CVE-2019-0243 was published May 13, 2022

In multiple functions of ContentProvider.java, there is a possible permission bypass due to a...
Moderate | Unreviewed | CVE-2018-9548 was published May 13, 2022

In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve...
Moderate | Unreviewed | CVE-2018-9457 was published May 13, 2022

In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, with variable edit...
Moderate | Unreviewed | CVE-2018-9039 was published May 13, 2022

Tarantella Enterprise before 3.11 allows bypassing Access Control.
High | Unreviewed | CVE-2018-19754 was published May 13, 2022

The skin-management feature in tianti 2.3 allows remote authenticated users to bypass intended...
Moderate | Unreviewed | CVE-2018-19110 was published May 13, 2022

Incorrect Access Control in mod_inetd.cgi in VIVOTEK Network Camera Series products with firmware...
Moderate | Unreviewed | CVE-2018-18004 was published May 13, 2022

EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task...
High | Unreviewed | CVE-2018-17490 was published May 13, 2022

EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By...
High | Unreviewed | CVE-2018-17491 was published May 13, 2022

FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the...
Critical | Unreviewed | CVE-2018-16591 was published May 13, 2022

AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
High | Unreviewed | CVE-2018-10093 was published May 13, 2022

Dolibarr arbitrary commands execution
High | CVE-2018-10092 was published for dolibarr/dolibarr (Composer) May 13, 2022

Incorrect permission checks in Pipeline: Nodes and Processes plugin
Moderate | CVE-2018-1000015 was published for org.jenkins-ci.plugins.workflow:workflow-durable-task-step (Maven) May 13, 2022

TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too...
Moderate | Unreviewed | CVE-2017-8217 was published May 13, 2022

In the ServiceManager::add function in the hardware service manager, there is an insecure...
High | Unreviewed | CVE-2017-13209 was published May 13, 2022

Jenkins Multijob plugin did not check permissions in the Resume Build action
Moderate | CVE-2017-1000390 was published for org.jenkins-ci.plugins:jenkins-multijob-plugin (Maven) May 13, 2022

Missing permission check in Jenkins Favorite Plugin
Moderate | CVE-2017-1000243 was published for org.jvnet.hudson.plugins:favorite (Maven) May 13, 2022

Jenkins Dependency Graph Viewer plugin vulnerable to missing permission checks
Moderate | CVE-2017-1000388 was published for org.jenkins-ci.plugins:depgraph-view (Maven) May 13, 2022

Missing Authorization in Jenkins
Moderate | CVE-2017-1000400 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022

Missing Authorization in Jenkins Blue Ocean Plugin
Moderate | CVE-2017-1000105 was published for io.jenkins.blueocean:blueocean (Maven) May 13, 2022

Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings
High | CVE-2017-1000086 was published for org.jenkins-ci.plugins:periodicbackup (Maven) May 13, 2022

Missing permission check in Jenkins FTP publisher Plugin
Moderate | CVE-2019-1003059 was published for org.jvnet.hudson.plugins:ftppublisher (Maven) May 13, 2022

Missing permission check in Jenkins Audit to Database Plugin
Moderate | CVE-2019-1003077 was published for org.jenkins-ci.plugins:audit2db (Maven) May 13, 2022

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an...
Moderate | Unreviewed | CVE-2018-15429 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.