GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
75 advisories
Filter by severity
Improper Privilege Management in shelljs
Moderate
GHSA-64g7-mvw6-v9qj
was published
for
shelljs
(npm)
Jan 14, 2022
katello Improper Privilege Management vulnerability
Moderate
CVE-2017-2662
was published
for
katello
(RubyGems)
May 13, 2022
Tarball permission preservation in puppet
Moderate
CVE-2017-10689
was published
for
puppet
(RubyGems)
May 13, 2022
matrix-appservice-irc vulnerable to IRC mode parameter confusion
Moderate
CVE-2022-39202
was published
for
matrix-appservice-irc
(npm)
Sep 15, 2022
Improper Privilege Management in craftercms
Moderate
CVE-2021-23265
was published
for
org.craftercms:craftercms
(Maven)
May 17, 2022
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Privilege escalation for users with create/update permissions in Global Roles in Rancher
Moderate
CVE-2021-36784
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
Privilege Escalation Flaw in Elasticsearch
Moderate
CVE-2020-7014
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
Improper Access Control in infinispan-server-runtime
Moderate
CVE-2020-25711
was published
for
org.infinispan:infinispan-core
(Maven)
Feb 9, 2022
Privilege Escalation in Cloud Native Computing Foundation Harbor
Moderate
CVE-2019-19023
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers
Moderate
CVE-2020-2023
was published
for
github.com/kata-containers/agent
(Go)
Feb 15, 2022
Privilege escalation: all users can access Admin-level API keys
Moderate
CVE-2021-39192
was published
for
ghost
(npm)
Jul 22, 2021
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
Moderate
CVE-2022-23117
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Jan 13, 2022
Improper Privilege Management in X-Pack
Moderate
CVE-2017-8446
was published
for
org.elasticsearch.plugin:x-pack
(Maven)
May 13, 2022
Improper Privilege Management in Mattermost
Moderate
CVE-2022-1332
was published
for
github.com/mattermost/mattermost-server/v5
(Go)
Apr 14, 2022
Improper Privilege Management in Apache Sling
Moderate
CVE-2023-25621
was published
for
org.apache.sling:org.apache.sling.i18n
(Maven)
Feb 23, 2023
Issue with whitespace in JWT roles in OpenSearch
Moderate
CVE-2023-23612
was published
for
org.opensearch:opensearch-security
(Maven)
Jan 24, 2023
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Moderate
CVE-2023-28436
was published
for
tailscale.com
(Go)
Mar 23, 2023
Apiman vulnerable to permissions bypass due to missing check on API key URL
Moderate
CVE-2023-28640
was published
for
io.apiman:apiman-manager-api-rest-impl
(Maven)
Mar 27, 2023
Privilege escalation in Strongbox
Moderate
GHSA-mhgm-52vg-pvvc
was published
for
com.schibsted.security:strongbox-sdk
(Maven)
Feb 16, 2023
Improper privilege management in elasticsearch
Moderate
CVE-2020-7019
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Elasticsearch privilege escalation
Moderate
CVE-2022-23708
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 4, 2022
baserCMS Access Control Bypass
Moderate
CVE-2018-0573
was published
for
baserproject/basercms
(Composer)
May 13, 2022
Improper Privilege Management in Snipe-IT
Moderate
CVE-2022-0579
was published
for
snipe/snipe-it
(Composer)
Feb 15, 2022
PostgreSQL PL/Java Improper Privilege Management
Moderate
CVE-2016-0767
was published
for
postgresql:pljava-public
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API