GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
196 advisories
usememos/memos Improper Authorization vulnerability
Moderate: CVE-2022-4811 was published for github.com/usememos/memos (Go), Dec 28, 2022

AAD Pod Identity obtaining token with backslash
Moderate: CVE-2022-23551 was published for github.com/Azure/aad-pod-identity (Go), Dec 21, 2022

Incorrect permission checks in Jenkins Support Core Plugin
Moderate: CVE-2022-45383 was published for org.jenkins-ci.plugins:support-core (Maven), Nov 16, 2022

OpenFGA Authorization Bypass
Moderate: CVE-2022-39352 was published for github.com/openfga/openfga (Go), Nov 8, 2022

OpenFGA Authorization Bypass via tupleset wildcard
Moderate: CVE-2022-39341 was published for github.com/openfga/openfga (Go), Oct 25, 2022

OpenFGA Authorization Bypass
Moderate: CVE-2022-39342 was published for github.com/openfga/openfga (Go), Oct 25, 2022

OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
Moderate: CVE-2022-39340 was published for github.com/openfga/openfga (Go), Oct 25, 2022

Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution
Moderate: CVE-2022-31683 was published for github.com/concourse/concourse (Go), Oct 19, 2022

Moodle Incorrect Authorization
Moderate: CVE-2021-40692 was published for moodle/moodle (Composer), Sep 30, 2022

Missing permission check in Jenkins build-publisher Plugin
Moderate: CVE-2022-41230 was published for org.jenkins-ci.plugins:build-publisher (Maven), Sep 22, 2022

Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Moderate: CVE-2022-36109 was published for github.com/docker/docker (Go), Sep 16, 2022

Harbor fails to validate the user permissions when updating a robot account
Moderate: CVE-2022-31667 was published for github.com/goharbor/harbor (Go), Sep 16, 2022

Harbor fails to validate the user permissions when updating tag immutability policies
Moderate: CVE-2022-31669 was published for github.com/goharbor/harbor (Go), Sep 16, 2022

Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs
Moderate: CVE-2022-31671 was published for github.com/goharbor/harbor (Go), Sep 9, 2022

openstack-barbican Denial of Service vulnerability
Moderate: CVE-2022-23452 was published for barbican (pip), Sep 2, 2022

gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth
Moderate: CVE-2022-36009 was published for github.com/matrix-org/dendrite (Go), Aug 30, 2022

XMLUI's metadata of withdrawn Items is exposed to anonymous users
Moderate: CVE-2022-31190 was published for org.dspace:dspace-xmlui (Maven), Aug 6, 2022

OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
Moderate: CVE-2022-31153 was published for openzeppelin-cairo-contracts (pip), Jul 15, 2022

UnsafeAccessor 1.4.0 until 1.7.0 has no security checking for UnsafeAccess.getInstance()
Moderate: CVE-2022-31139 was published for io.github.karlatemp:unsafe-accessor (Maven), Jul 12, 2022

Incorrect Authorization in Jenkins Request Rename Or Delete Plugin
Moderate: CVE-2022-34814 was published for org.jenkins-ci.plugins:rrod (Maven), Jul 1, 2022

Incorrect Authorization in Jenkins requests-plugin
Moderate: CVE-2022-34782 was published for org.jenkins-ci.plugins:requests (Maven), Jul 1, 2022

NT auth module vulnerability in OpenAM
Moderate: CVE-2022-34298 was published for org.openidentityplatform.openam:openam-core (Maven), Jun 24, 2022

Improper authorization in Jenkins Embeddable Build Status Plugin bypasses ViewStatus permission requirement
Moderate: CVE-2022-34180 was published for org.jenkins-ci.plugins:embeddable-build-status (Maven), Jun 24, 2022

Incorrect Authorization in thinkcmf
Moderate: CVE-2021-40616 was published for thinkcmf/thinkcmf (Composer), Jun 15, 2022

Access control issue in AlekSIS-Core
Moderate: CVE-2022-29773 was published for aleksis-core (pip), Jun 4, 2022
ProTip! Advisories are also available from the GraphQL API