GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
230 advisories
Filter by severity
EC-CUBE Improper access control vulnerability
High
CVE-2021-20778
was published
for
ec-cube/ec-cube
(Composer)
May 24, 2022
Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management
High
CVE-2020-1742
was published
for
github.com/nmstate/kubernetes-nmstate
(Go)
May 24, 2022
•
withdrawn
Improper Privilege Management in Spring Framework
High
CVE-2021-22118
was published
for
org.springframework:spring-web
(Maven)
May 24, 2022
Improper Privilege Management in Azure ms-rest-nodeauth
High
CVE-2021-28458
was published
for
@azure/ms-rest-nodeauth
(npm)
May 24, 2022
ClusterLabs crmsh vulnerable to shell code injection
High
CVE-2020-35459
was published
for
crmsh
(pip)
May 24, 2022
AVideo vulnerable to Improper Privilege Management
High
CVE-2020-23489
was published
for
wwbn/avideo
(Composer)
May 24, 2022
Dolibarr CRM allows Privilege Escalation
Moderate
CVE-2020-14201
was published
for
dolibarr/dolibarr
(Composer)
May 24, 2022
Improper privilege management in elasticsearch
Moderate
CVE-2020-7019
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Magento business logic error vulnerability
Critical
CVE-2020-9630
was published
for
magento/community-edition
(Composer)
May 24, 2022
bbPress unauthenticated privilege-escalation
Critical
CVE-2020-13693
was published
for
bbpress/bbpress
(Composer)
May 24, 2022
OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context
High
CVE-2020-12689
was published
for
keystone
(pip)
May 24, 2022
Improper Privilege Management in Elasticsearch
High
CVE-2020-7009
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
CodeIgniter Improper Privilege Management
High
CVE-2020-10793
was published
for
codeigniter4/framework
(Composer)
May 24, 2022
Plone Unauthenticated Write Vulnerability
Critical
CVE-2020-7941
was published
for
Plone
(pip)
May 24, 2022
Centreon Privilege Escalation
Critical
CVE-2018-21025
was published
for
centreon/centreon
(Composer)
May 24, 2022
Hashicorp Nomad Access Control Issues
Critical
CVE-2019-12618
was published
for
github.com/hashicorp/nomad
(Go)
May 24, 2022
Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows
High
CVE-2022-29164
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
May 23, 2022
Unescaped control characters in Gitblit
Critical
CVE-2022-31267
was published
for
com.gitblit:gitblit
(Maven)
May 22, 2022
Celery local privilege escalation vulnerability
Moderate
CVE-2011-4356
was published
for
celery
(pip)
May 17, 2022
Drupal saving user accounts can sometimes grant the user all roles
High
CVE-2016-3169
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
Moderate
CVE-2016-7570
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal Saving user accounts can sometimes grant the user all roles
High
CVE-2016-6211
was published
for
drupal/core
(Composer)
May 17, 2022
Improper Privilege Management in craftercms
Moderate
CVE-2021-23265
was published
for
org.craftercms:craftercms
(Maven)
May 17, 2022
Puppet Privilege Escallation
Moderate
CVE-2012-1053
was published
for
puppet
(RubyGems)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API