Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,732
Erlang
35
GitHub Actions
29
Go
2,310
Maven
5,000+
npm
3,949
NuGet
711
pip
3,728
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

475 advisories

Loading
Scanguard through 2019-11-12 on Windows has Insecure Permissions for the installation directory,... Moderate Unreviewed
CVE-2019-18895 was published May 24, 2022
A vulnerability in the HTTP traffic filtering component of Cisco Firepower Threat Defense... Moderate Unreviewed
CVE-2019-1982 was published May 24, 2022
The Symantec SONAR component, prior to 12.0.2, may be susceptible to a tamper protection bypass... Moderate Unreviewed
CVE-2019-12752 was published May 24, 2022
In JetBrains YouTrack before 2019.2.55152, removing tags from the issues list without the... Moderate Unreviewed
CVE-2019-18369 was published May 24, 2022
In JetBrains TeamCity before 2019.1.2, a non-destructive operation could be performed by a user... Moderate Unreviewed
CVE-2019-18367 was published May 24, 2022
In JetBrains TeamCity before 2019.1.2, secure values could be exposed to users with the "View... Moderate Unreviewed
CVE-2019-18366 was published May 24, 2022
An issue was discovered on Mitsubishi Electric ME-RTU devices through 2.02 and INEA ME-RTU... Moderate Unreviewed
CVE-2019-14925 was published May 24, 2022
Jenkins Global Post Script Plugin missing permission check Moderate
CVE-2019-10474 was published for org.jenkins-ci.plugins:global-post-script (Maven) May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Incorrect Default Permissions Moderate
CVE-2019-10472 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
Jenkins Dynatrace Plugin contains Incorrect Default Permissions Moderate
CVE-2019-10463 was published for org.jenkins-ci.plugins:dynatrace-dashboard (Maven) May 24, 2022
Jenkins Deploy WebLogic Plugin missing permission check Moderate
CVE-2019-10465 was published for org.jenkins-ci.plugins:weblogic-deployer-plugin (Maven) May 24, 2022
Jenkins Libvirt Slaves Plugin vlnerable to Credential Enumeration Moderate
CVE-2019-10473 was published for org.jenkins-ci.plugins:libvirt-slave (Maven) May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Credential Enumeration Moderate
CVE-2019-10470 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
Jenkins Kubernetes CI/CD Plugin vulnerable to Improper Authorization Moderate
CVE-2019-10469 was published for com.elasticbox.jenkins-ci.plugins:kubernetes-ci (Maven) May 24, 2022
A vulnerability in the CLI of Cisco TelePresence Collaboration Endpoint (CE) Software could allow... Moderate Unreviewed
CVE-2019-15962 was published May 24, 2022
If a Content Security Policy (CSP) directive is defined that uses a hash-based source that takes... Moderate Unreviewed
CVE-2019-11738 was published May 24, 2022
In Limesurvey before 3.17.14, admin users can run an integrity check without proper permissions. Moderate Unreviewed
CVE-2019-16183 was published May 24, 2022
WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for... Moderate Unreviewed
CVE-2019-15716 was published May 24, 2022
An Incorrect Default Permissions (CWE-276) vulnerability exists in SoMachine Basic, all versions,... Moderate Unreviewed
CVE-2018-7822 was published May 24, 2022
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows... Moderate Unreviewed
CVE-2014-7301 was published May 17, 2022
plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 and 14, sets weak... Moderate Unreviewed
CVE-2010-4176 was published May 17, 2022
fal_sftp extension for TYPO3 uses weak permissions for sFTP driver files and folders Moderate
CVE-2014-8327 was published for co-stack/fal_sftp (Composer) May 17, 2022
Sourcecodester Simple Social Networking Site v1.0 is vulnerable to file deletion via /sns/classes... Moderate Unreviewed
CVE-2022-30375 was published May 14, 2022
Air Cargo Management System v1.0 is vulnerable to file deletion via /acms/classes/Master.php?f... Moderate Unreviewed
CVE-2022-30367 was published May 14, 2022
A write protection lock bit was left unset after boot on an older generation of Lenovo and IBM... Moderate Unreviewed
CVE-2018-9085 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database