GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
396 advisories
After user deletion in MongoDB Server the improper invalidation of authorization sessions allows...
Moderate | Unreviewed | CVE-2019-2386 was published May 24, 2022

Magento Insufficient authorization check when adding users to company accounts
Moderate | CVE-2019-7872 was published for magento/community-edition (Composer) May 24, 2022

Missing Authorization in Jenkins Pipeline: Shared Groovy Libraries Plugin
Moderate | CVE-2019-10357 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) May 24, 2022

Missing Authorization in Jenkins Configuration as Code Plugin
Moderate | CVE-2019-10344 was published for io.jenkins:configuration-as-code (Maven) May 24, 2022

GitLab EE, version 11.5 before 11.5.1, is vulnerable to an insecure object reference issue that...
Moderate | Unreviewed | CVE-2018-19578 was published May 24, 2022

Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed...
Moderate | Unreviewed | CVE-2018-16074 was published May 24, 2022

Insufficient policy enforcement in extensions API in Google Chrome prior to 69.0.3497.81 allowed...
Moderate | Unreviewed | CVE-2018-16086 was published May 24, 2022

Object lifecycle issue in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker...
Moderate | Unreviewed | CVE-2018-16077 was published May 24, 2022

Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed...
Moderate | Unreviewed | CVE-2018-16073 was published May 24, 2022

cfme-gemset versions 5.10.4.3 and below, 5.9.9.3 and below are vulnerable to a data leak, due to...
Moderate | Unreviewed | CVE-2019-10159 was published May 24, 2022

Kernel can inject faults in computations during the execution of TrustZone leading to information...
Moderate | Unreviewed | CVE-2017-8252 was published May 24, 2022

A vulnerability in the Secure Shell (SSH) authentication function of Cisco IOS XR Software could...
Moderate | Unreviewed | CVE-2019-1842 was published May 24, 2022

A vulnerability in the External RESTful Services (ERS) API of the Cisco Identity Services Engine ...
Moderate | Unreviewed | CVE-2019-1851 was published May 24, 2022

Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to modify or read configuration...
Moderate | Unreviewed | CVE-2014-2349 was published May 17, 2022

Huawei P9 phones with software EVA-AL10C00,EVA-CL10C00,EVA-DL10C00,EVA-TL10C00 and P9 Lite phones...
Moderate | Unreviewed | CVE-2016-8776 was published May 17, 2022

Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that could allow an authenticated...
Moderate | Unreviewed | CVE-2017-2686 was published May 17, 2022

An issue was discovered in Asterisk Open Source 11.x before 11.25.1, 13.x before 13.13.1, and 14...
Moderate | Unreviewed | CVE-2016-9938 was published May 17, 2022

The filesystem implementation in the Linux kernel through 4.8.2 preserves the setgid bit during a...
Moderate | Unreviewed | CVE-2016-7097 was published May 14, 2022

The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 before Patch 3 on Windows...
Moderate | Unreviewed | CVE-2016-5063 was published May 14, 2022

IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 through cumulative fix 2...
Moderate | Unreviewed | CVE-2015-7463 was published May 14, 2022

phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass...
Moderate | Unreviewed | CVE-2014-6049 was published May 14, 2022

An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3...
Moderate | Unreviewed | CVE-2016-7651 was published May 14, 2022

Improper Authorization in Jenkins
Moderate | CVE-2018-1000408 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022

Improper authorization in Jenkins Job and Node Ownership Plugin
Moderate | CVE-2018-1000107 was published for com.synopsys.jenkinsci:ownership (Maven) May 13, 2022

Zulip Server 1.5.1 and below suffer from an error in the implementation of the...
Moderate | Unreviewed | CVE-2017-0896 was published May 13, 2022