GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,300 advisories
Dancer::Plugin::SimpleCRUD 1.14 and earlier is affected by: Incorrect Access Control. The impact...
Moderate | Unreviewed | CVE-2019-1010084 was published May 24, 2022

Application permissions give additional remote troubleshooting permission to the site input...
Moderate | Unreviewed | CVE-2019-11724 was published May 24, 2022

The inline-create rest resource in Jira before version 7.12.3 allows authenticated remote...
Moderate | Unreviewed | CVE-2018-20826 was published May 24, 2022

The /rest/issueNav/1/issueTable resource in Jira before version 8.3.2 allows remote attackers to...
Moderate | Unreviewed | CVE-2019-8446 was published May 24, 2022

This vulnerability allows a normal (non-admin) user to disable the Forcepoint One Endpoint ...
Moderate | Unreviewed | CVE-2019-6144 was published May 24, 2022

In VMware SD-WAN by VeloCloud versions 3.x prior to 3.3.0, the VeloCloud Orchestrator parameter...
Moderate | Unreviewed | CVE-2019-5533 was published May 24, 2022

A vulnerability in the web conference chat component of MiCollab, versions 7.3 PR6 (7.3.0.601)...
Moderate | Unreviewed | CVE-2018-18819 was published May 24, 2022

P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper...
Moderate | Unreviewed | CVE-2019-5231 was published May 24, 2022

Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed...
Moderate | Unreviewed | CVE-2019-13716 was published May 24, 2022

Insufficient policy enforcement in extensions in Google Chrome prior to 77.0.3865.75 allowed an...
Moderate | Unreviewed | CVE-2019-5879 was published May 24, 2022

Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
Moderate | Unreviewed | CVE-2016-3131 was published May 24, 2022

Cloud Foundry Cloud Controller API (CAPI), version 1.88.0, allows space developers to list all...
Moderate | Unreviewed | CVE-2019-11294 was published May 24, 2022

IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which...
Moderate | Unreviewed | CVE-2019-4343 was published May 24, 2022

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip...
Moderate | Unreviewed | CVE-2020-5194 was published May 24, 2022

An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the...
Moderate | Unreviewed | CVE-2019-5474 was published May 24, 2022

Memory usage graphs accessible to anyone with Overall/Read
Moderate | CVE-2020-2104 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com...
Moderate | Unreviewed | CVE-2020-8495 was published May 24, 2022

When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client...
Moderate | Unreviewed | CVE-2020-5855 was published May 24, 2022

A security feature bypass vulnerability exists in Surface Hub when prompting for credentials, aka...
Moderate | Unreviewed | CVE-2020-0702 was published May 24, 2022

Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a...
Moderate | Unreviewed | CVE-2020-6380 was published May 24, 2022

The Software Development Kit of the MiContact Center Business with Site Based Security 8.0...
Moderate | Unreviewed | CVE-2020-9379 was published May 24, 2022

This was addressed with additional checks by Gatekeeper on files mounted through a network share....
Moderate | Unreviewed | CVE-2020-3866 was published May 24, 2022

The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects...
Moderate | Unreviewed | CVE-2020-9399 was published May 24, 2022

Missing permission checks in Mac Plugin
Moderate | CVE-2020-2148 was published for fr.edf.jenkins.plugins:mac (Maven) May 24, 2022

In several functions of NotificationManagerService.java, there are missing permission checks....
Moderate | Unreviewed | CVE-2020-0084 was published May 24, 2022