Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

58 advisories

Loading
Improper Privilege Management in Neo4j Graph Database High
CVE-2021-34802 was published for org.neo4j:neo4j-kernel (Maven) May 24, 2022
Improper Privilege Management in Spring Framework High
CVE-2021-22118 was published for org.springframework:spring-web (Maven) May 24, 2022
catch22out
Improper privilege management in elasticsearch Moderate
CVE-2020-7019 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
westonsteimel
Improper Privilege Management in Elasticsearch High
CVE-2020-7009 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Unescaped control characters in Gitblit Critical
CVE-2022-31267 was published for com.gitblit:gitblit (Maven) May 22, 2022
Improper Privilege Management in craftercms Moderate
CVE-2021-23265 was published for org.craftercms:craftercms (Maven) May 17, 2022
Improper Privilege Management in MySQL Connectors Java High
CVE-2018-3258 was published for mysql:mysql-connector-java (Maven) May 13, 2022
Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks Moderate
CVE-2018-1999032 was published for org.jenkins-ci.plugins:pangolin-testrail-connector (Maven) May 13, 2022
Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass High
CVE-2018-1000866 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 13, 2022
Improper Privilege Management in Jenkins High
CVE-2018-1000865 was published for org.jenkins-ci.plugins:script-security (Maven) May 13, 2022
Improper Privilege Management in Jenkins Config File Provider Plugin Moderate
CVE-2017-1000104 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 13, 2022
Improper Privilege Management in X-Pack Moderate
CVE-2017-8446 was published for org.elasticsearch.plugin:x-pack (Maven) May 13, 2022
Cloud Foundry UAA Identity Zone Admin Privilege Escalation Moderate
CVE-2017-8032 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry UAA password reset vulnerability High
CVE-2017-4991 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry UAA privilege escalation with user invitations Critical
CVE-2017-4992 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Cloud Foundry UAA Privilege Escalation High
CVE-2017-4973 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
PostgreSQL PL/Java Improper Privilege Management Moderate
CVE-2016-0767 was published for postgresql:pljava-public (Maven) May 13, 2022
Elasticsearch privilege escalation Moderate
CVE-2022-23708 was published for org.elasticsearch:elasticsearch (Maven) Mar 4, 2022
Improper Access Control in infinispan-server-runtime Moderate
CVE-2020-25711 was published for org.infinispan:infinispan-core (Maven) Feb 9, 2022
Improper Privilege Management in Apache Hadoop High
CVE-2020-9492 was published for org.apache.hadoop:hadoop-common (Maven) Feb 9, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials Moderate
CVE-2022-23117 was published for org.conjur.jenkins:conjur-credentials (Maven) Jan 13, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
Improper privilege management in Keycloak High
CVE-2020-14389 was published for org.keycloak:keycloak-core (Maven) Nov 10, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code Moderate
CVE-2021-21430 was published for org.openapitools:openapi-generator (Maven) May 11, 2021
JLLeitschuh
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator Critical
CVE-2021-21428 was published for org.openapitools:openapi-generator-online (Maven) May 11, 2021
JLLeitschuh
ProTip! Advisories are also available from the GraphQL API