Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,428 advisories

Loading
Missing permission check in Jenkins Netsparker Cloud Scan Plugin Moderate
CVE-2019-10290 was published for org.jenkins-ci.plugins:netsparker-cloud-scan (Maven) May 13, 2022
It was found that the superexec operator was available in the internal dictionary in ghostscript... Moderate Unreviewed
CVE-2019-3835 was published May 13, 2022
It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is... High Unreviewed
CVE-2019-3879 was published May 13, 2022
The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization,... High Unreviewed
CVE-2015-8840 was published May 13, 2022
In MISP 2.4.102, an authenticated user can view sightings that they should not be eligible for.... Moderate Unreviewed
CVE-2019-9482 was published May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before... Moderate Unreviewed
CVE-2019-9171 was published May 13, 2022
An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config... Critical Unreviewed
CVE-2019-9002 was published May 13, 2022
Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google... High Unreviewed
CVE-2019-5774 was published May 13, 2022
SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03;... High Unreviewed
CVE-2018-2484 was published May 13, 2022
By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access... High Unreviewed
CVE-2018-2503 was published May 13, 2022
Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by... High Unreviewed
CVE-2017-9036 was published May 13, 2022
Missing Authorization in Apache ZooKeeper High
CVE-2018-8012 was published for org.apache.zookeeper:zookeeper (Maven) May 13, 2022
An incorrect permissions check was discovered in libvirt 4.8.0 and above. The readonly permission... Moderate Unreviewed
CVE-2019-3886 was published May 13, 2022
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's... High Unreviewed
CVE-2018-7792 was published May 13, 2022
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote... Moderate Unreviewed
CVE-2012-4245 was published May 13, 2022
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus... High Unreviewed
CVE-2019-9924 was published May 13, 2022
An exploitable unsafe default configuration vulnerability exists in the TURN server function of... Critical Unreviewed
CVE-2018-4059 was published May 13, 2022
A backdoor vulnerability exists in remote control functionality of Circle with Disney running... Moderate Unreviewed
CVE-2017-12084 was published May 13, 2022
SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary... High Unreviewed
CVE-2022-29611 was published May 12, 2022
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper... High Unreviewed
CVE-2022-1442 was published May 11, 2022
In getArray of NotificationManagerService.java , there is a possible leak of one user... Moderate Unreviewed
CVE-2022-20011 was published May 11, 2022
In broadcastServiceStateChanged of TelephonyRegistry.java, there is a possible way to learn base... Moderate Unreviewed
CVE-2022-20115 was published May 11, 2022
In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing... High Unreviewed
CVE-2021-39738 was published May 11, 2022
In getNodeValue of USCCDMPlugin.java, there is a possible disclosure of ICCID due to a missing... Moderate Unreviewed
CVE-2022-20121 was published May 11, 2022
IBM Navigator for i 7.2, 7.3, and 7.4 (heritage version) could allow a remote attacker to obtain... Moderate Unreviewed
CVE-2022-22481 was published May 10, 2022
ProTip! Advisories are also available from the GraphQL API