Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

267 advisories

Loading
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin Critical
CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) May 24, 2022
westonsteimel
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin Critical
CVE-2019-10418 was published for io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps (Maven) May 24, 2022
westonsteimel
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a... Critical Unreviewed
CVE-2019-14237 was published May 24, 2022
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices,... Critical Unreviewed
CVE-2019-14236 was published May 24, 2022
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches... Critical Unreviewed
CVE-2019-1912 was published May 24, 2022
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an... Critical Unreviewed
CVE-2019-7304 was published May 24, 2022
Sandbox bypass in ontrack Jenkins Plugin Critical
CVE-2019-10306 was published for org.jenkins-ci.plugins:ontrack (Maven) May 24, 2022
westonsteimel
Authorization bypass in Spring Security Critical
CVE-2022-22978 was published for org.springframework.security:spring-security-core (Maven) May 20, 2022
secjoker moon2263
An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network... Critical Unreviewed
CVE-2018-7245 was published May 13, 2022
In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the... Critical Unreviewed
CVE-2018-19515 was published May 13, 2022
The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports... Critical Unreviewed
CVE-2018-18815 was published May 13, 2022
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to... Critical Unreviewed
CVE-2018-13324 was published May 13, 2022
WebExtensions bundled with embedded experiments were not correctly checked for proper... Critical Unreviewed
CVE-2018-12369 was published May 13, 2022
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization... Critical Unreviewed
CVE-2018-1000155 was published May 13, 2022
** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary... Critical Unreviewed
CVE-2017-9855 was published May 13, 2022
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics... Critical Unreviewed
CVE-2017-9653 was published May 13, 2022
Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation... Critical Unreviewed
CVE-2017-7512 was published May 13, 2022
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6... Critical Unreviewed
CVE-2017-17067 was published May 13, 2022
An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx... Critical Unreviewed
CVE-2017-16743 was published May 13, 2022
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform... Critical Unreviewed
CVE-2017-7470 was published May 13, 2022
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. Critical Unreviewed
CVE-2022-29423 was published May 7, 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an... Critical Unreviewed
CVE-2022-20777 was published May 5, 2022
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before... Critical Unreviewed
CVE-2022-29906 was published Apr 30, 2022
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360... Critical Unreviewed
CVE-2022-29081 was published Apr 29, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature Critical
CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) Apr 26, 2022
knutz3n kurt-r2c
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database