Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
Privilege escalation vulnerability in Apache Hadoop High
CVE-2018-8029 was published for org.apache.hadoop:hadoop-main (Maven) May 31, 2019
2FA bypass through deleting devices in wagtail-2fa High
CVE-2020-5240 was published for wagtail-2fa (pip) Mar 13, 2020
Information disclosure in parse-server High
CVE-2020-5251 was published for parse-server (npm) Mar 4, 2020
davimacedo
Read permissions not enforced for client provided filter expressions in Elide. High
CVE-2020-5289 was published for com.yahoo.elide:elide-core (Maven) Mar 30, 2020
Improper Authorization in googleapis High
GHSA-7543-mr7h-6v86 was published for googleapis (npm) Sep 2, 2020
Improper Authentication in Keycloak High
CVE-2018-14637 was published for org.keycloak:keycloak-core (Maven) Dec 21, 2018
Improper Authorization in @sap-cloud-sdk/core High
GHSA-r2vw-jgq9-jqx2 was published for @sap-cloud-sdk/core (npm) Sep 3, 2020
Improper Authorization in loopback High
GHSA-8wgc-jjvv-cv6v was published for loopback (npm) Sep 2, 2020
Arbitrary Code Execution High
CVE-2014-9357 was published for github.com/docker/docker (Go) Feb 15, 2022
Improper Authorization in org.apache.hbase:hbase High
CVE-2019-0212 was published for org.apache.hbase:hbase (Maven) Apr 2, 2019
Improper Authorization in cobbler High
CVE-2022-0860 was published for cobbler (pip) Mar 11, 2022
ysf
Improper Authorization in Apache Xalan-Java High
CVE-2014-0107 was published for xalan:xalan (Maven) May 13, 2022
Improper Authorization in Undertoe High
CVE-2020-1745 was published for io.undertow:undertow-core (Maven) May 24, 2022
XWiki Platform Improper Authorization check for inactive users High
CVE-2022-36090 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 16, 2022
XWiki users registered with email verification can self re-activate their disabled accounts High
CVE-2021-32620 was published for org.xwiki.commons:xwiki-commons-core (Maven) May 18, 2021
Dynamic modification of RPyC service due to missing security check High
CVE-2019-16328 was published for rpyc (pip) Feb 17, 2021
comrumino
Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed High
CVE-2022-4147 was published for io.quarkus:quarkus-vertx-http (Maven) Dec 6, 2022
OpenFGA Authorization Bypass High
CVE-2022-23542 was published for github.com/openfga/openfga (Go) Dec 20, 2022
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference High
CVE-2022-31167 was published for org.xwiki.platform:xwiki-platform-security (Maven) Sep 20, 2022
Malicious takeover of previously owned ENS names High
CVE-2020-5232 was published for @ensdomains/ens (npm) Jan 30, 2020
Missing permission checks in Jenkins Sounds Plugin allow OS command execution High
CVE-2020-2097 was published for org.jenkins-ci.plugins:sounds (Maven) May 24, 2022
NotMyFault
Improper Authorization in Jenkins Core High
CVE-2019-1003004 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Authorization bypass in express-jwt High
CVE-2020-15084 was published for express-jwt (npm) Jun 30, 2020
Privilege escalation in Presto High
CVE-2020-15087 was published for io.prestosql:presto-server (Maven) Jun 30, 2020
usememos/memos vulnerable to improper authorization High
CVE-2022-4688 was published for github.com/usememos/memos (Go) Dec 23, 2022
ProTip! Advisories are also available from the GraphQL API