GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Privilege Escalation in Kubernetes
Critical
CVE-2018-1002105
was published
for
github.com/kubernetes/kubernetes
(Go)
Feb 15, 2022
Unescaped control characters in Gitblit
Critical
CVE-2022-31267
was published
for
com.gitblit:gitblit
(Maven)
May 22, 2022
Improper Privilege Management in Gitea
Critical
CVE-2021-45330
was published
for
code.gitea.io/gitea
(Go)
Feb 10, 2022
Improper Privilege Management in rdiffweb
Critical
CVE-2022-4314
was published
for
rdiffweb
(pip)
Dec 12, 2022
Dolibarr vulnerable to privilege escalation
Critical
CVE-2022-43138
was published
for
dolibarr/dolibarr
(Composer)
Nov 17, 2022
TimelockController vulnerability in OpenZeppelin Contracts
Critical
CVE-2021-39168
was published
for
@openzeppelin/contracts-upgradeable
(npm)
Aug 30, 2021
TimelockController vulnerability in OpenZeppelin Contracts
Critical
CVE-2021-39167
was published
for
@openzeppelin/contracts
(npm)
Aug 30, 2021
xwiki-platform vulnerable to Remote Code Execution in Annotations
Critical
CVE-2023-26475
was published
for
org.xwiki.platform:xwiki-platform-annotation-ui
(Maven)
Mar 2, 2023
Improper Privilege Management in Open Web Analytics
Critical
CVE-2022-24637
was published
for
open-web-analytics/open-web-analytics
(Composer)
Mar 19, 2022
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Critical
CVE-2021-21428
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 11, 2021
Sandbox bypass leading to arbitrary code execution in Deno
Critical
CVE-2022-24783
was published
for
deno
(Rust)
Mar 29, 2022
Apache Spark vulnerable to Improper Privilege Management
Critical
CVE-2023-22946
was published
for
org.apache.spark:spark-core_2.12
(Maven)
Apr 17, 2023
Plone Unauthenticated Write Vulnerability
Critical
CVE-2020-7941
was published
for
Plone
(pip)
May 24, 2022
Hashicorp Nomad Access Control Issues
Critical
CVE-2019-12618
was published
for
github.com/hashicorp/nomad
(Go)
May 24, 2022
Centreon Privilege Escalation
Critical
CVE-2018-21025
was published
for
centreon/centreon
(Composer)
May 24, 2022
XWiki Platform's Mail.MailConfig can be edited by any user with edit rights
Critical
CVE-2023-34465
was published
for
org.xwiki.platform:xwiki-platform-mail-send-default
(Maven)
Jun 20, 2023
KubePi Privilege Escalation vulnerability
Critical
CVE-2023-37917
was published
for
github.com/KubeOperator/kubepi
(Go)
Jul 21, 2023
Apache InLong Improper Privilege Management vulnerability
Critical
CVE-2023-31062
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
Puppet Bolt privilege escalation vulnerability
Critical
CVE-2023-5214
was published
for
bolt
(RubyGems)
Oct 6, 2023
Improper JWT Signature Validation in SAP Security Services Library
Critical
GHSA-59c9-pxq8-9c73
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 13, 2023
Improper Privilege Management in sap-xssec
Critical
GHSA-6mjg-37cp-42x5
was published
for
sap-xssec
(pip)
Dec 13, 2023
Privilege escalation in sap-xssec
Critical
CVE-2023-50423
was published
for
sap-xssec
(pip)
Dec 12, 2023
Arbitrary remote code execution within `wrangler dev` Workers sandbox
Critical
CVE-2023-7080
was published
for
wrangler
(npm)
Jan 3, 2024
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
ProTip!
Advisories are also available from the
GraphQL API