GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

526 advisories

Incorrect Authorization in MySQL Connector Java Moderate
CVE-2021-2471 was published for mysql:mysql-connector-java (Maven) May 24, 2022
Magento Improper Authorization vulnerability in the customers module Moderate
CVE-2021-28567 was published for magento/community-edition (Composer) May 24, 2022
OpenStack Neutron vulnerable to hardware address impersonation High
CVE-2021-38598 was published for neutron (pip) May 24, 2022
Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers High
CVE-2021-33335 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Xen Orchestra Mishandles Authorization Moderate
CVE-2021-36383 was published for xo-server (npm) May 24, 2022
Improper permission checks allow canceling queue items and aborting builds in Jenkins Moderate
CVE-2021-21670 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials Moderate
CVE-2021-21664 was published for com.xebialabs.deployit.ci:deployit-plugin (Maven) May 24, 2022
NotMyFault
Istio Authorization Bypass Vulnerability Moderate
CVE-2021-31920 was published for istio.io/istio (Go) May 24, 2022 withdrawn
Drupal Core Access bypass vulnerability Critical
CVE-2020-13665 was published for drupal/core (Composer) May 24, 2022
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs Moderate
CVE-2021-21643 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 24, 2022
NotMyFault
Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items Moderate
CVE-2021-21624 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 24, 2022
NotMyFault
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items Moderate
CVE-2021-21623 was published for org.jenkins-ci.plugins:matrix-auth (Maven) May 24, 2022
NotMyFault
Missing permission check in Moodle Moderate
CVE-2021-20283 was published for moodle/moodle (Composer) May 24, 2022
Moodle Bypass email verification secret when confirming account registration Moderate
CVE-2021-20282 was published for moodle/moodle (Composer) May 24, 2022
OpenNMS Horizon RCE via JEXL2 expression High
CVE-2021-3396 was published for org.opennms.features:org.opennms.features.measurements (Maven) May 24, 2022
MantisBT Incorrect Authorization in bug_actiongroup_page.php Moderate
CVE-2020-29605 was published for mantisbt/mantisbt (Composer) May 24, 2022
Missing permission check for paths with specific prefix in Jenkins Moderate
CVE-2021-21609 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
MantisBT Incorrect Authorization for bug_revision_view_page.php check High
CVE-2020-35849 was published for mantisbt/mantisbt (Composer) May 24, 2022
WooCommerce Incorrect Authorization Moderate
CVE-2020-29156 was published for woocommerce/woocommerce (Composer) May 24, 2022
Information leak in Gerrit Low
CVE-2020-8920 was published for com.google.gerrit:gerrit-plugin-api (Maven) May 24, 2022
q5438722
Magento 2 Community Edition Incorrect Authorization Moderate
CVE-2020-24401 was published for magento/community-edition (Composer) May 24, 2022
Duplicate Advisory: Unauthorized privilege escalation in Mod module High
GHSA-q886-75m2-vff8 was published for red-discordbot (pip) May 24, 2022 withdrawn
Improper authorization due to caching in Jenkins Role-based Authorization Strategy Plugin High
CVE-2020-2286 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 24, 2022
NotMyFault
MantisBT unauthorized users able to access private files Moderate
CVE-2020-25781 was published for mantisbt/mantisbt (Composer) May 24, 2022
Incorrect permission check in Health Advisor by CloudBees Plugin Moderate
CVE-2020-2258 was published for org.jenkins-ci.plugins:cloudbees-jenkins-advisor (Maven) May 24, 2022
NotMyFault