GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
58 advisories
Filter by severity
Improper Privilege Management in Neo4j Graph Database
High
CVE-2021-34802
was published
for
org.neo4j:neo4j-kernel
(Maven)
May 24, 2022
Improper Privilege Management in Spring Framework
High
CVE-2021-22118
was published
for
org.springframework:spring-web
(Maven)
May 24, 2022
Improper privilege management in elasticsearch
Moderate
CVE-2020-7019
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Improper Privilege Management in Elasticsearch
High
CVE-2020-7009
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Unescaped control characters in Gitblit
Critical
CVE-2022-31267
was published
for
com.gitblit:gitblit
(Maven)
May 22, 2022
Improper Privilege Management in craftercms
Moderate
CVE-2021-23265
was published
for
org.craftercms:craftercms
(Maven)
May 17, 2022
Improper Privilege Management in MySQL Connectors Java
High
CVE-2018-3258
was published
for
mysql:mysql-connector-java
(Maven)
May 13, 2022
Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks
Moderate
CVE-2018-1999032
was published
for
org.jenkins-ci.plugins:pangolin-testrail-connector
(Maven)
May 13, 2022
Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass
High
CVE-2018-1000866
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 13, 2022
Improper Privilege Management in Jenkins
High
CVE-2018-1000865
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Improper Privilege Management in Jenkins Config File Provider Plugin
Moderate
CVE-2017-1000104
was published
for
org.jenkins-ci.plugins:config-file-provider
(Maven)
May 13, 2022
Improper Privilege Management in X-Pack
Moderate
CVE-2017-8446
was published
for
org.elasticsearch.plugin:x-pack
(Maven)
May 13, 2022
Cloud Foundry UAA Identity Zone Admin Privilege Escalation
Moderate
CVE-2017-8032
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry UAA password reset vulnerability
High
CVE-2017-4991
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry UAA privilege escalation with user invitations
Critical
CVE-2017-4992
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry UAA Privilege Escalation
High
CVE-2017-4973
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
PostgreSQL PL/Java Improper Privilege Management
Moderate
CVE-2016-0767
was published
for
postgresql:pljava-public
(Maven)
May 13, 2022
Elasticsearch privilege escalation
Moderate
CVE-2022-23708
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 4, 2022
Improper Access Control in infinispan-server-runtime
Moderate
CVE-2020-25711
was published
for
org.infinispan:infinispan-core
(Maven)
Feb 9, 2022
Improper Privilege Management in Apache Hadoop
High
CVE-2020-9492
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Feb 9, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
Moderate
CVE-2022-23117
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Jan 13, 2022
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
High
CVE-2022-23118
was published
for
ru.yandex.jenkins.plugins.debuilder:debian-package-builder
(Maven)
Jan 13, 2022
Improper privilege management in Keycloak
High
CVE-2020-14389
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 10, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Critical
CVE-2021-21428
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 11, 2021
ProTip!
Advisories are also available from the
GraphQL API