GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
75 advisories
Filter by severity
Access control vulnerable to user data deletion by anonynmous users
Moderate
CVE-2024-51734
was published
for
AccessControl
(pip)
Nov 4, 2024
Kanister vulnerable to cluster-level privilege escalation
Moderate
CVE-2024-43403
was published
for
github.com/kanisterio/kanister
(Go)
Aug 20, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Moderate
CVE-2024-44076
was published
for
io.github.microcks:microcks-app
(Maven)
Aug 19, 2024
Apache Linkis vulnerable to privilege escalation
Moderate
CVE-2024-27181
was published
for
org.apache.linkis:linkis
(Maven)
Aug 2, 2024
Harbor fails to validate the user permissions when updating project configurations
Moderate
CVE-2024-22278
was published
for
github.com/goharbor/harbor
(Go)
Jul 31, 2024
The Argo CD web terminal session does not handle the revocation of user permissions properly
Moderate
CVE-2024-41666
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Jul 24, 2024
Privilege Escalation in TYPO3 CMS
Moderate
GHSA-v5jp-4h2p-j2p4
was published
for
typo3/cms
(Composer)
Jun 5, 2024
TYPO3 Broken Access Control in Localization Handling
Moderate
GHSA-9rx9-7fmh-gj3g
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Reportico Web fails to invalidate cookies upon logout
Moderate
CVE-2024-31556
was published
for
reportico-web/reportico
(Composer)
May 14, 2024
Neo4j Cypher component mishandles IMMUTABLE privileges
Moderate
CVE-2024-34517
was published
for
org.neo4j:neo4j-cypher
(Maven)
May 7, 2024
Jenkins Git server Plugin does not perform a permission check
Moderate
CVE-2024-34146
was published
for
org.jenkins-ci.plugins:git-server
(Maven)
May 2, 2024
Calico privilege escalation vulnerability
Moderate
CVE-2024-33522
was published
for
github.com/projectcalico/calico
(Go)
Apr 30, 2024
Users with `create` but not `override` privileges can perform local sync
Moderate
CVE-2023-50726
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
Grafana's users with permissions to create a data source can CRUD all data sources
Moderate
CVE-2024-1442
was published
for
github.com/grafana/grafana
(Go)
Mar 7, 2024
HashiCorp Vault Improper Privilege Management
Moderate
CVE-2020-10660
was published
for
github.com/hashicorp/vault
(Go)
Jan 30, 2024
Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Moderate
CVE-2023-30617
was published
for
github.com/openkruise/kruise
(Go)
Jan 5, 2024
Craft CMS Privilege Escalation
Moderate
CVE-2024-21622
was published
for
craftcms/cms
(Composer)
Jan 3, 2024
Moodle Improper Access Control vulnerability
Moderate
CVE-2023-5549
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Grafana privilege escalation vulnerability
Moderate
CVE-2023-4822
was published
for
github.com/grafana/grafana
(Go)
Oct 16, 2023
PrestaShop allows users to uninstall modules from backoffice, even with low rights
Moderate
CVE-2023-43663
was published
for
prestashop/prestashop
(Composer)
Sep 28, 2023
PrestaShop allows employee without any access rights to list all installed modules
Moderate
CVE-2023-43664
was published
for
prestashop/prestashop
(Composer)
Sep 28, 2023
Ineffective privileges drop when requesting container network
Moderate
CVE-2023-38496
was published
for
github.com/apptainer/apptainer
(Go)
Jul 25, 2023
A potential risk in clusternet which can be leveraged to make a cluster-level privilege escalation
Moderate
CVE-2023-30622
was published
for
github.com/clusternet/clusternet
(Go)
Apr 21, 2023
Apiman vulnerable to permissions bypass due to missing check on API key URL
Moderate
CVE-2023-28640
was published
for
io.apiman:apiman-manager-api-rest-impl
(Maven)
Mar 27, 2023
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Moderate
CVE-2023-28436
was published
for
tailscale.com
(Go)
Mar 23, 2023
ProTip!
Advisories are also available from the
GraphQL API