GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
106 advisories
Filter by severity
ZITADEL's Service Users Deactivation not Working
High
CVE-2024-47000
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
ZITADEL's User Grant Deactivation not Working
High
CVE-2024-46999
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
External Secrets Operator vulnerable to privilege escalation
High
CVE-2024-45041
was published
for
github.com/external-secrets/external-secrets
(Go)
Sep 9, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
Rancher's External RoleTemplates can lead to privilege escalation
High
CVE-2023-32196
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
AdGuardHome privilege escalation vulnerability
High
CVE-2024-36586
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Jun 13, 2024
Keycloak's admin API allows low privilege users to use administrative functions
High
CVE-2024-3656
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 11, 2024
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts
High
GHSA-4r76-xr68-w7m7
was published
for
typo3/cms
(Composer)
May 30, 2024
Grav Vulnerable to Arbitrary File Read to Account Takeover
High
CVE-2024-34082
was published
for
getgrav/grav
(Composer)
May 15, 2024
piraeus-operator allows attacker to impersonate service account
High
CVE-2024-33398
was published
for
github.com/piraeusdatastore/piraeus-operator/v2
(Go)
May 3, 2024
Dusk plugin may allow unfettered user authentication in misconfigured installs
High
CVE-2024-32003
was published
for
winter/wn-dusk-plugin
(Composer)
Apr 12, 2024
UVDesk Community Helpdesk Improper Privilege Management
High
CVE-2024-3137
was published
for
uvdesk/core-framework
(Composer)
Apr 2, 2024
Podman affected by CVE-2024-1753 container escape at build time
High
CVE-2024-1753
was published
for
github.com/containers/podman/v4
(Go)
Mar 28, 2024
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
High
CVE-2024-28197
was published
for
github.com/zitadel/zitadel
(Go)
Mar 11, 2024
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
High
CVE-2023-32194
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
High
CVE-2024-24747
was published
for
github.com/minio/minio
(Go)
Feb 1, 2024
APM Java Agent Local Privilege Escalation issue
High
CVE-2021-37942
was published
for
co.elastic.apm:apm-agent-parent
(Maven)
Nov 22, 2023
Pleaser privilege escalation vulnerability
High
CVE-2023-46277
was published
for
pleaser
(Rust)
Oct 20, 2023
Privilege Escalation on Linux/MacOS
High
CVE-2023-28434
was published
for
github.com/minio/minio
(Go)
Sep 5, 2023
usememos/memos vulnerable to privilege escalation
High
CVE-2023-4697
was published
for
github.com/usememos/memos
(Go)
Sep 1, 2023
OpenNMS privilege elevation vulnerability
High
CVE-2023-0872
was published
for
org.opennms:opennms-webapp-rest
(Maven)
Aug 14, 2023
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
High
CVE-2023-30601
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Jul 6, 2023
Apache StreamPipes Improper Privilege Management vulnerability
High
CVE-2023-31469
was published
for
org.apache.streampipes:streampipes-parent
(Maven)
Jun 23, 2023
Missing "--allow-net" permission check for built-in Node modules
High
CVE-2023-33966
was published
for
deno
(Rust)
May 31, 2023
Improper Privilege Management in microweber
High
CVE-2023-2240
was published
for
microweber/microweber
(Composer)
Apr 22, 2023
ProTip!
Advisories are also available from the
GraphQL API