Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

196 advisories

Loading
Incorrect access control in typo3_forum Moderate
CVE-2020-15513 was published for mittwald/typo3_forum (Composer) Jul 29, 2020
Ignition config accessible to unprivileged software on VMware Moderate
CVE-2022-1706 was published for github.com/coreos/ignition (Go) May 25, 2022
jonaz bgilbert
Keycloak has lack of validation of access token on client registrations endpoint Moderate
CVE-2023-0091 was published for org.keycloak:keycloak-core (Maven) Jan 12, 2023
Improper Authorization in grumpydictator/firefly-iii Moderate
CVE-2023-0298 was published for grumpydictator/firefly-iii (Composer) Jan 14, 2023
parse-server new anonymous user session acts as if it's created with password Moderate
CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021
cbaker6
Incorrect Authorization in cross-fetch Moderate
CVE-2022-1365 was published for cross-fetch (npm) Apr 17, 2022
cysp
Incorrect Authorization in Jenkins Moderate
CVE-2017-2599 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Undertow Moderate
CVE-2017-12196 was published for io.undertow:undertow-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Moderate
CVE-2018-1999047 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Incorrect Authorization in Jenkins Git Plugin Moderate
CVE-2018-1000110 was published for org.jenkins-ci.plugins:git (Maven) May 13, 2022
Duplicate advisory: Configuration exposure in github.com/coreos/ignition Moderate
GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go) May 18, 2022 withdrawn
Encoded URIs can access WEB-INF directory in Eclipse Jetty Moderate
CVE-2021-34429 was published for org.eclipse.jetty:jetty-webapp (Maven) Jul 19, 2021
cangqingzhe lachlan-roberts
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
Android WebView Universal Cross-site Scripting Moderate
CVE-2020-6506 was published for react-native-webview (npm) Oct 2, 2020
alesandroortiz
Incorrect Authorization in MySQL Connector Java Moderate
CVE-2021-2471 was published for mysql:mysql-connector-java (Maven) May 24, 2022
Access control issue in AlekSIS-Core Moderate
CVE-2022-29773 was published for aleksis-core (pip) Jun 4, 2022
Incorrect Authorization in thinkcmf Moderate
CVE-2021-40616 was published for thinkcmf/thinkcmf (Composer) Jun 15, 2022
NT auth module vulnerability in OpenAM Moderate
CVE-2022-34298 was published for org.openidentityplatform.openam:openam-core (Maven) Jun 24, 2022
Improper Authorization in dolibarr/dolibarr Moderate
CVE-2022-0731 was published for dolibarr/dolibarr (Composer) Feb 24, 2022
Incorrect Authorization in Jenkins Request Rename Or Delete Plugin Moderate
CVE-2022-34814 was published for org.jenkins-ci.plugins:rrod (Maven) Jul 1, 2022
NotMyFault
Incorrect Authorization in Jenkins requests-plugin Moderate
CVE-2022-34782 was published for org.jenkins-ci.plugins:requests (Maven) Jul 1, 2022
NotMyFault
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-22134 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-32716 was published for shopware/platform (Composer) Sep 8, 2021
Improper authorization in Keycloak Moderate
CVE-2022-1466 was published for org.keycloak:keycloak-core (Maven) Apr 27, 2022
Incorrect Authorization in Jenkins Core Moderate
CVE-2016-3722 was published for org.jenkins-ci.main:jenkins-core (Maven) May 14, 2022
ProTip! Advisories are also available from the GraphQL API