GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
24 advisories
Filter by severity
Keycloak's admin API allows low privilege users to use administrative functions
High
CVE-2024-3656
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 11, 2024
Cloud Foundry UAA password reset vulnerability
High
CVE-2017-4991
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
High
CVE-2018-15758
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 19, 2018
Cloud Foundry UAA Privilege Escalation
High
CVE-2017-4973
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
High
CVE-2023-30601
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Jul 6, 2023
Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass
High
CVE-2018-1000866
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 13, 2022
Improper Privilege Management in Jenkins
High
CVE-2018-1000865
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
APM Java Agent Local Privilege Escalation issue
High
CVE-2021-37942
was published
for
co.elastic.apm:apm-agent-parent
(Maven)
Nov 22, 2023
Improper Privilege Management in com.xuxueli:xxl-job
High
CVE-2022-36157
was published
for
com.xuxueli:xxl-job
(Maven)
Aug 20, 2022
Apache StreamPipes Improper Privilege Management vulnerability
High
CVE-2023-31469
was published
for
org.apache.streampipes:streampipes-parent
(Maven)
Jun 23, 2023
OpenNMS privilege elevation vulnerability
High
CVE-2023-0872
was published
for
org.opennms:opennms-webapp-rest
(Maven)
Aug 14, 2023
Improper Privilege Management in Spring Framework
High
CVE-2021-22118
was published
for
org.springframework:spring-web
(Maven)
May 24, 2022
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
High
CVE-2022-23118
was published
for
ru.yandex.jenkins.plugins.debuilder:debian-package-builder
(Maven)
Jan 13, 2022
Privilege escalation in Apache ShenYu
High
CVE-2022-42735
was published
for
org.apache.shenyu:shenyu-admin
(Maven)
Feb 15, 2023
Improper privilege management in Keycloak
High
CVE-2020-14389
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 10, 2021
Privilege escalation in spring security
High
CVE-2021-22112
was published
for
org.springframework.security:spring-security-bom
(Maven)
May 10, 2021
spring-security-oauth2-client vulnerable to Privilege Escalation
High
CVE-2022-31690
was published
for
org.springframework.security:spring-security-oauth2-client
(Maven)
Nov 1, 2022
XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups
High
CVE-2022-31166
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 20, 2022
Improper Privilege Management in Neo4j Graph Database
High
CVE-2021-34802
was published
for
org.neo4j:neo4j-kernel
(Maven)
May 24, 2022
Improper Privilege Management in Elasticsearch
High
CVE-2020-7009
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Improper Privilege Management in MySQL Connectors Java
High
CVE-2018-3258
was published
for
mysql:mysql-connector-java
(Maven)
May 13, 2022
Improper Privilege Management in Apache Hadoop
High
CVE-2020-9492
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Feb 9, 2022
Improper Privilege Management in org.apache.hadoop:hadoop-main
High
CVE-2018-11767
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Mar 25, 2019
Improper Privilege Management in Apache Karaf
High
CVE-2018-11786
was published
for
org.apache.karaf:apache-karaf
(Maven)
Dec 21, 2018
ProTip!
Advisories are also available from the
GraphQL API