GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
434 advisories

An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x...
Moderate, Unreviewed. CVE-2022-41766 was published May 29, 2023

Jenkins Azure VM Agents Plugin missing permission checks
Moderate. CVE-2023-32990 was published for org.jenkins-ci.plugins:azure-vm-agents (Maven) May 16, 2023

Jenkins Tag Profiler Plugin missing permission check
Moderate. CVE-2023-33004 was published for org.jenkins-ci.plugins:tag-profiler (Maven) May 16, 2023

Jenkins Email Extension Plugin missing permission check
Moderate. CVE-2023-32979 was published for org.jenkins-ci.plugins:email-ext (Maven) May 16, 2023

Cassia Access controller before 2.1.1.2203171453 was discovered to have an unprivileged ...
Moderate, Unreviewed. CVE-2023-31445 was published May 11, 2023

Incorrect permission assignment for critical resource in some Intel(R) QAT drivers for Windows...
Moderate, Unreviewed. CVE-2022-41771 was published May 10, 2023

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15...
Moderate, Unreviewed. CVE-2023-2478 was published May 8, 2023

NVIDIA DGX-2 SBIOS contains a vulnerability where an attacker may modify the ServerSetup NVRAM...
Moderate, Unreviewed. CVE-2023-0207 was published Apr 22, 2023

A permission misconfiguration in UI Desktop for Windows (Version 0.59.1.71 and earlier) could...
Moderate, Unreviewed. CVE-2023-28123 was published Apr 19, 2023

CubeFS allows Kubernetes cluster-level privilege escalation
Moderate. CVE-2023-30512 was published for github.com/cubefs/cubefs (Go) Apr 12, 2023

Supermicro X11SSL-CF HW Rev 1.01, BMC firmware v1.63 was discovered to contain insecure permissions.
Moderate, Unreviewed. CVE-2022-43309 was published Apr 7, 2023

Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update...
Moderate, Unreviewed. CVE-2023-0944 was published Apr 5, 2023

A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but...
Moderate, Unreviewed. CVE-2023-0225 was published Apr 4, 2023

Hippo4j allows attacker to obtain sensitive info via ConfigVerifyController function of Tenant Management module
Moderate. CVE-2023-27096 was published for cn.hippo4j:hippo4j-all (Maven) Mar 27, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate. CVE-2022-3146 was published for tripleo-ansible (pip) Mar 23, 2023

tripleo-ansible may disclose important configuration details from an OpenStack deployment
Moderate. CVE-2022-3101 was published for tripleo-ansible (pip) Mar 23, 2023

The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and...
Moderate, Unreviewed. CVE-2022-4148 was published Mar 20, 2023

Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to...
Moderate, Unreviewed. CVE-2023-27084 was published Mar 16, 2023

Exposure of Sensitive Information in OpenGoofy Hippo4j
Moderate. CVE-2023-27095 was published for cn.hippo4j:hippo4j-core (Maven) Mar 16, 2023

Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration...
Moderate, Unreviewed. CVE-2022-21939 was published Feb 9, 2023

In BIG-IP versions 17.0.x before 17.0.0.2, 16.1.x before 16.1.3.3, 15.1.x before 15.1.8.1, 14.1.x...
Moderate, Unreviewed. CVE-2023-22326 was published Feb 1, 2023

Docker version 20.10.15, build fd82621 is vulnerable to Insecure Permissions. Unauthorized users...
Moderate, Unreviewed. CVE-2022-37708 was published Feb 1, 2023

In Eternal Terminal 6.2.1, etserver and etclient have predictable logfile names in /tmp.
Moderate, Unreviewed. CVE-2022-48257 was published Jan 13, 2023

EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has...
Moderate, Unreviewed. CVE-2022-39186 was published Jan 12, 2023

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39...
Moderate, Unreviewed. CVE-2022-47927 was published Jan 12, 2023