GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
130 advisories
Fluent Fluentd and Fluent-ui use default password
High • CVE-2020-21514 was published for fluentd-ui (RubyGems) • Apr 4, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate • CVE-2022-3101 was published for tripleo-ansible (pip) • Mar 23, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate • CVE-2022-3146 was published for tripleo-ansible (pip) • Mar 23, 2023

cilium-agent container can access the host via `hostPath` mount
Moderate • CVE-2023-27593 was published for github.com/cilium/cilium (Go) • Mar 17, 2023

Moodle has Incorrect Default Permissions
Moderate • CVE-2021-36397 was published for moodle/moodle (Composer) • Mar 7, 2023

Moodle has Incorrect Default Permissions
Moderate • CVE-2021-36400 was published for moodle/moodle (Composer) • Mar 7, 2023

CSRF vulnerability in Jenkins Coverity Plugin allow capturing credentials
Moderate • CVE-2023-23848 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) • Feb 15, 2023

Synopsys Jenkins Coverity Plugin has Incorrect Default Permissions
Moderate • CVE-2023-23850 was published for org.jenkins-ci.plugins:synopsys-coverity (Maven) • Feb 15, 2023

Duplicate Advisory: Apiman has insufficient checks for read permissions
High • GHSA-54r5-wr8x-x5v3 was published for io.apiman:apiman-manager-api-rest-impl (Maven) • Dec 20, 2022 • withdrawn

Incorrect permission checks in Jenkins Support Core Plugin
Moderate • CVE-2022-45383 was published for org.jenkins-ci.plugins:support-core (Maven) • Nov 16, 2022

Incorrect Default Permissions in Liferay Portal
Moderate • CVE-2022-42130 was published for com.liferay.portal:release.portal.bom (Maven) • Nov 15, 2022

Incorrect Default Permissions in Liferay Portal
Moderate • CVE-2022-42127 was published for com.liferay.portal:release.portal.bom (Maven) • Nov 15, 2022

Incorrect Default Permissions in Liferay Portal
Moderate • CVE-2022-42128 was published for com.liferay.portal:release.portal.bom (Maven) • Nov 15, 2022

Liferay Portal Insecure Default Configuration in auth.login.prompt.enabled
Moderate • CVE-2022-41414 was published for com.liferay.portal:com.liferay.portal.impl (Maven) • Oct 7, 2022

parse-server's session object properties can be updated by foreign user if object ID is known
Moderate • CVE-2022-39225 was published for parse-server (npm) • Sep 21, 2022

ansible-runner has default temporary files written to world R/W locations
Moderate • CVE-2021-3701 was published for ansible-runner (pip) • Aug 24, 2022

Octokit gem published with world-writable files
Low • CVE-2022-31072 was published for octokit (RubyGems) • Jun 15, 2022

Octopoller gem published with world-writable files
Low • CVE-2022-31071 was published for octopoller (RubyGems) • Jun 15, 2022

Incorrect Default Permissions in Beego
Moderate • CVE-2019-16355 was published for github.com/astaxie/beego (Go) • May 24, 2022

Access to Unix domain socket can lead to privileges escalation in Cilium
High • CVE-2022-29178 was published for github.com/cilium/cilium (Go) • May 24, 2022

Liferay Portal and Liferay DXP does not properly check user permission
Moderate • CVE-2021-33327 was published for com.liferay.portal:release.dxp.bom (Maven) • May 24, 2022

Liferay Portal and Liferay DXP Don't Check Permissions of Pages
Moderate • CVE-2021-33324 was published for com.liferay.portal:release.dxp.bom (Maven) • May 24, 2022

Liferay Portal and Liferay DXP Fails to Properly Check User Permissions
Moderate • CVE-2021-33334 was published for com.liferay.portal:release.dxp.bom (Maven) • May 24, 2022

Liferay Portal and Liferay DXP Fails to Check User Permissions for Workflow Submissions
Moderate • CVE-2021-33333 was published for com.liferay.portal:release.dxp.bom (Maven) • May 24, 2022

Liferay Portal and Liferay DXP Fails to Check Permissions
Moderate • CVE-2021-29052 was published for com.liferay.portal:release.dxp.bom (Maven) • May 24, 2022

ProTip! Advisories are also available from the GraphQL API.