GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,013
Erlang
29
GitHub Actions
16
Go
1,806
Maven
5,000+
npm
3,553
NuGet
632
pip
3,148
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
85 advisories
Filter by severity
Kubernetes sets incorrect permissions on Windows containers logs
Moderate
CVE-2024-5321
was published
for
k8s.io/kubernetes
(Go)
Jul 18, 2024
Keycloak leaks configured LDAP bind credentials through the Keycloak admin console
Low
CVE-2024-5967
was published
for
org.keycloak:keycloak-ldap-federation
(Maven)
Jun 21, 2024
Duplicate Advisory: Keycloak: Leak of configured LDAP bind credentials
Low
GHSA-gmrm-8fx4-66x7
was published
for
org.keycloak:keycloak-core
(Maven)
Jun 18, 2024
•
withdrawn
langchain_experimental Code Execution via Python REPL access
High
CVE-2024-38459
was published
for
langchain-experimental
(pip)
Jun 16, 2024
Kaminari Insecure File Permissions Vulnerability
Moderate
CVE-2024-32978
was published
for
kaminari
(RubyGems)
May 28, 2024
ROTP 6.2.2 and 6.2.1 has 0666 permissions for the .rb files.
Moderate
CVE-2024-28862
was published
for
rotp
(RubyGems)
Mar 18, 2024
Apache Airflow: Incorrect Default Permissions in audit logs for Ops and Viewers users
Moderate
CVE-2024-26280
was published
for
apache-airflow
(pip)
Mar 1, 2024
Apache Superset has Incorrect Default Permissions
Moderate
CVE-2023-42501
was published
for
apache-superset
(pip)
Nov 27, 2023
Jenkins temporary plugin file created with insecure permissions
High
CVE-2023-43496
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Sep 20, 2023
Missing "--allow-net" permission check for built-in Node modules
High
CVE-2023-33966
was published
for
deno
(Rust)
May 31, 2023
nfpm has incorrect default permissions
High
CVE-2023-32698
was published
for
github.com/goreleaser/nfpm
(Go)
May 24, 2023
Jenkins SAML Single Sign On(SSO) Plugin missing permission checks
Moderate
CVE-2023-32996
was published
for
io.jenkins.plugins:miniorange-saml-sp
(Maven)
May 16, 2023
Jenkins AppSpider Plugin missing permission check
Moderate
CVE-2023-32999
was published
for
com.rapid7:jenkinsci-appspider-plugin
(Maven)
May 16, 2023
PowerJob vulnerable to Insecure Permissions
Moderate
CVE-2023-29923
was published
for
tech.powerjob:powerjob
(Maven)
Apr 19, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3101
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate
CVE-2022-3146
was published
for
tripleo-ansible
(pip)
Mar 23, 2023
cilium-agent container can access the host via `hostPath` mount
Moderate
CVE-2023-27593
was published
for
github.com/cilium/cilium
(Go)
Mar 17, 2023
Moodle has Incorrect Default Permissions
Moderate
CVE-2021-36397
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
Moodle has Incorrect Default Permissions
Moderate
CVE-2021-36400
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
CSRF vulnerability in Jenkins Coverity Plugin allow capturing credentials
Moderate
CVE-2023-23848
was published
for
org.jenkins-ci.plugins:synopsys-coverity
(Maven)
Feb 15, 2023
Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions
Moderate
CVE-2023-23850
was published
for
org.jenkins-ci.plugins:synopsys-coverity
(Maven)
Feb 15, 2023
Apiman has insufficient checks for read permissions
High
GHSA-54r5-wr8x-x5v3
was published
for
io.apiman:apiman-manager-api-rest-impl
(Maven)
Dec 20, 2022
Incorrect permission checks in Jenkins Support Core Plugin
Moderate
CVE-2022-45383
was published
for
org.jenkins-ci.plugins:support-core
(Maven)
Nov 16, 2022
Incorrect Default Permissions in Liferay Portal
Moderate
CVE-2022-42127
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
ProTip!
Advisories are also available from the
GraphQL API