Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

75 advisories

Loading
Improper Privilege Management in shelljs Moderate
GHSA-64g7-mvw6-v9qj was published for shelljs (npm) Jan 14, 2022
katello Improper Privilege Management vulnerability Moderate
CVE-2017-2662 was published for katello (RubyGems) May 13, 2022
Tarball permission preservation in puppet Moderate
CVE-2017-10689 was published for puppet (RubyGems) May 13, 2022
BenK0lin
matrix-appservice-irc vulnerable to IRC mode parameter confusion Moderate
CVE-2022-39202 was published for matrix-appservice-irc (npm) Sep 15, 2022
Improper Privilege Management in craftercms Moderate
CVE-2021-23265 was published for org.craftercms:craftercms (Maven) May 17, 2022
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code Moderate
CVE-2021-21430 was published for org.openapitools:openapi-generator (Maven) May 11, 2021
JLLeitschuh
Privilege escalation for users with create/update permissions in Global Roles in Rancher Moderate
CVE-2021-36784 was published for github.com/rancher/rancher (Go) May 2, 2022
Privilege Escalation Flaw in Elasticsearch Moderate
CVE-2020-7014 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Improper Access Control in infinispan-server-runtime Moderate
CVE-2020-25711 was published for org.infinispan:infinispan-core (Maven) Feb 9, 2022
Privilege Escalation in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19023 was published for github.com/goharbor/harbor (Go) May 18, 2021
Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers Moderate
CVE-2020-2023 was published for github.com/kata-containers/agent (Go) Feb 15, 2022
Privilege escalation: all users can access Admin-level API keys Moderate
CVE-2021-39192 was published for ghost (npm) Jul 22, 2021
zn9988
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials Moderate
CVE-2022-23117 was published for org.conjur.jenkins:conjur-credentials (Maven) Jan 13, 2022
NotMyFault
Improper Privilege Management in X-Pack Moderate
CVE-2017-8446 was published for org.elasticsearch.plugin:x-pack (Maven) May 13, 2022
Improper Privilege Management in Mattermost Moderate
CVE-2022-1332 was published for github.com/mattermost/mattermost-server/v5 (Go) Apr 14, 2022
kurt-r2c
Improper Privilege Management in Apache Sling Moderate
CVE-2023-25621 was published for org.apache.sling:org.apache.sling.i18n (Maven) Feb 23, 2023
Issue with whitespace in JWT roles in OpenSearch Moderate
CVE-2023-23612 was published for org.opensearch:opensearch-security (Maven) Jan 24, 2023
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process Moderate
CVE-2023-28436 was published for tailscale.com (Go) Mar 23, 2023
rmb938
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
volkflo
Privilege escalation in Strongbox Moderate
GHSA-mhgm-52vg-pvvc was published for com.schibsted.security:strongbox-sdk (Maven) Feb 16, 2023
tdunlap607
Improper privilege management in elasticsearch Moderate
CVE-2020-7019 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
westonsteimel
Elasticsearch privilege escalation Moderate
CVE-2022-23708 was published for org.elasticsearch:elasticsearch (Maven) Mar 4, 2022
baserCMS Access Control Bypass Moderate
CVE-2018-0573 was published for baserproject/basercms (Composer) May 13, 2022
Improper Privilege Management in Snipe-IT Moderate
CVE-2022-0579 was published for snipe/snipe-it (Composer) Feb 15, 2022
PostgreSQL PL/Java Improper Privilege Management Moderate
CVE-2016-0767 was published for postgresql:pljava-public (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database