GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,014
Erlang
29
GitHub Actions
16
Go
1,812
Maven
5,000+
npm
3,557
NuGet
632
pip
3,150
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
86 advisories
Filter by severity
Kubean vulnerable to cluster-level privilege escalation
Moderate
CVE-2024-41820
was published
for
github.com/kubean-io/kubean
(Go)
Aug 5, 2024
Kubernetes sets incorrect permissions on Windows containers logs
Moderate
CVE-2024-5321
was published
for
k8s.io/kubernetes
(Go)
Jul 18, 2024
Incorrect Default Permissions in Apache Tomcat
High
CVE-2020-8022
was published
for
org.apache.tomcat:tomcat
(Maven)
Feb 9, 2022
•
withdrawn
langchain_experimental Code Execution via Python REPL access
High
CVE-2024-38459
was published
for
langchain-experimental
(pip)
Jun 16, 2024
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Low
CVE-2024-5967
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Jun 21, 2024
Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials
Low
GHSA-gmrm-8fx4-66x7
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 18, 2024
•
withdrawn
Kaminari Insecure File Permissions Vulnerability
Moderate
CVE-2024-32978
was published
for
kaminari
(RubyGems)
May 28, 2024
nfpm has incorrect default permissions
High
CVE-2023-32698
was published
for
github.com/goreleaser/nfpm
(Go)
May 24, 2023
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
OpenStack Manila Unprivileged users can retrieve, use and manipulate share networks
High
CVE-2020-9543
was published
for
manila
(pip)
May 24, 2022
Dolibarr Stored Cross-site Scripting
Moderate
CVE-2020-13240
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Drupal Core Access bypass vulnerability
Moderate
CVE-2020-13667
was published
for
drupal/core
(Composer)
May 24, 2022
Incorrect Default Permissions in Beego
Moderate
CVE-2019-16355
was published
for
github.com/astaxie/beego
(Go)
May 24, 2022
Information disclosure in the Contao backend
Moderate
CVE-2019-19712
was published
for
contao/contao
(Composer)
Dec 17, 2019
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Moderate
CVE-2024-28862
was published
for
rotp
(RubyGems)
Mar 18, 2024
Django Incorrect Default Permissions
High
CVE-2020-24584
was published
for
django
(pip)
Mar 18, 2021
Django allows unintended model editing
Moderate
CVE-2019-19118
was published
for
django
(pip)
Dec 4, 2019
Apache Tomcat may be started without proper security settings
High
CVE-2002-0493
was published
for
org.apache.tomcat:tomcat
(Maven)
Apr 30, 2022
Silverstripe has Incorrect Default Permissions
Moderate
CVE-2020-6165
was published
for
silverstripe/graphql
(Composer)
May 24, 2022
CSRF vulnerability in Jenkins Coverity Plugin allow capturing credentials
Moderate
CVE-2023-23848
was published
for
org.jenkins-ci.plugins:synopsys-coverity
(Maven)
Feb 15, 2023
Jenkins Build Step Plugin fails to check Item/Build permission
Moderate
CVE-2017-1000089
was published
for
org.jenkins-ci.plugins:pipeline-build-step
(Maven)
May 13, 2022
Missing permission checks in AWS Credentials Plugin
Moderate
CVE-2022-27199
was published
for
org.jenkins-ci.plugins:aws-credentials
(Maven)
Mar 16, 2022
Incorrect Default Permissions in log4js
Moderate
CVE-2022-21704
was published
for
log4js
(npm)
Jan 21, 2022
Moodle Incorrect Default Settings
Moderate
CVE-2011-4285
was published
for
moodle/moodle
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API