GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
426 advisories
Missing permission checks in Jenkins Azure Service Fabric Plugin
Moderate | CVE-2025-24403 was published for org.jenkins-ci.plugins:service-fabric (Maven) | Jan 22, 2025

Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
Critical | CVE-2022-41930 was published for org.xwiki.platform:xwiki-platform-user-profile-ui (Maven) | Nov 21, 2022

Jenkins AppSpider Plugin missing permission checks
Moderate | CVE-2024-28155 was published for com.rapid7:jenkinsci-appspider-plugin (Maven) | Mar 6, 2024

Command injection in nevado-jms
High | CVE-2023-31826 was published for org.skyscreamer:nevado-jms (Maven) | May 23, 2023

Missing Authorization in Jenkins Blue Ocean Plugin
Moderate | CVE-2017-1000105 was published for io.jenkins.blueocean:blueocean (Maven) | May 13, 2022

XWiki Realtime WYSIWYG Editor extension allows privilege escalation (PR) through realtime WYSIWYG editing
Critical | CVE-2025-23025 was published for org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui (Maven) | Jan 14, 2025

Mattermost leaks details of AD/LDAP groups of a teams
Moderate | CVE-2024-23493 was published for github.com/mattermost/mattermost/server/v8 (Go) | Feb 29, 2024

Ray Missing Authorization vulnerability
Critical | CVE-2023-6020 was published for ray (pip) | Nov 16, 2023

XWiki allows RCE from script right in configurable sections
Critical | CVE-2024-55879 was published for org.xwiki.platform:xwiki-platform-administration-ui (Maven) | Dec 12, 2024

XWiki's scheduler in subwiki allows scheduling operations for any main wiki user
Moderate | CVE-2024-55876 was published for org.xwiki.platform:xwiki-platform-scheduler-ui (Maven) | Dec 12, 2024

Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges
Moderate | CVE-2024-52529 was published for github.com/cilium/cilium (Go) | Nov 25, 2024

Apache IoTDB grafana-connector contains an interface without authorization
High | CVE-2022-38370 was published for org.apache.iotdb:iotdb-grafana-connector (Maven) | Sep 6, 2022

Improper Access Control in janeczku/calibre-web
Moderate | CVE-2021-3987 was published for calibreweb (pip) | Nov 15, 2024

moodle: Some users can delete audiences of other reports
Moderate | CVE-2024-48898 was published for moodle/moodle (Composer) | Nov 18, 2024

Apache Airflow: Bypass permission verification to read code of other dags
High | CVE-2023-50944 was published for apache-airflow (pip) | Jan 24, 2024

Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Moderate | CVE-2020-10684 was published for ansible (pip) | Apr 7, 2021

Script security bypass vulnerability in Jenkins Shared Library Version Override Plugin
High | CVE-2024-52554 was published for io.jenkins.plugins:shared-library-version-override (Maven) | Nov 13, 2024

Missing permission check in Jenkins Script Security Plugin
Moderate | CVE-2024-52549 was published for org.jenkins-ci.plugins:script-security (Maven) | Nov 13, 2024

Erroneous authentication pass in Spring Security
High | CVE-2024-22257 was published for org.springframework.security:spring-security-core (Maven) | Mar 18, 2024

Moodle's IDOR in badges allows deletion of arbitrary badges
Moderate | CVE-2024-43431 was published for moodle/moodle (Composer) | Nov 7, 2024

Mattermost server allows authenticated user to delete arbitrary post
Moderate | CVE-2024-50052 was published for github.com/mattermost/mattermost/server/v8 (Go) | Oct 29, 2024