GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

111 advisories

Apache Cassandra: Privilege escalation when enabling FQL/Audit logs High
CVE-2023-30601 was published for org.apache.cassandra:cassandra-all (Maven) Jul 6, 2023
hanqiuzh
Apache StreamPipes Improper Privilege Management vulnerability High
CVE-2023-31469 was published for org.apache.streampipes:streampipes-parent (Maven) Jun 23, 2023
Missing "--allow-net" permission check for built-in Node modules High
CVE-2023-33966 was published for deno (Rust) May 31, 2023
sylc
Improper Privilege Management in microweber High
CVE-2023-2240 was published for microweber/microweber (Composer) Apr 22, 2023
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation High
CVE-2023-29018 was published for github.com/open-feature/open-feature-operator (Go) Apr 12, 2023
younaman thisthat
bacherfl
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management High
CVE-2023-1762 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Company admin role gives excessive privileges in eZ Platform Ibexa High
CVE-2022-48365 was published for ezsystems/ezplatform-kernel (Composer) Mar 12, 2023
Privilege escalation in Apache ShenYu High
CVE-2022-42735 was published for org.apache.shenyu:shenyu-admin (Maven) Feb 15, 2023
Privilege escalation in project role template binding (PRTB) and -promoted roles High
CVE-2022-43759 was published for github.com/rancher/rancher (Go) Jan 25, 2023
usememos/memos Improper Privilege Management vulnerability High
CVE-2022-4808 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos makes Incorrect Use of Privileged APIs High
CVE-2022-4687 was published for github.com/usememos/memos (Go) Dec 23, 2022
spring-security-oauth2-client vulnerable to Privilege Escalation High
CVE-2022-31690 was published for org.springframework.security:spring-security-oauth2-client (Maven) Nov 1, 2022
Execution with Unnecessary Privileges in JupyterApp High
CVE-2022-39286 was published for jupyter-core (pip) Oct 26, 2022
OctoPrint Improper Privilege Management vulnerability High
CVE-2022-3068 was published for OctoPrint (pip) Sep 22, 2022
XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups High
CVE-2022-31166 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 20, 2022
Parsing issue in matrix-org/node-irc leading to room takeovers High
CVE-2022-39203 was published for matrix-appservice-irc (npm) Sep 15, 2022
wonda-tea-coffee
Improper Privilege Management in com.xuxueli:xxl-job High
CVE-2022-36157 was published for com.xuxueli:xxl-job (Maven) Aug 20, 2022
MarkLee131
Improper Privilege Management in NocoDB High
CVE-2022-2063 was published for nocodb (npm) Jun 14, 2022
Improper Privilege Management in Cilium High
CVE-2022-29179 was published for github.com/cilium/cilium (Go) May 24, 2022
Improper Privilege Management in Neo4j Graph Database High
CVE-2021-34802 was published for org.neo4j:neo4j-kernel (Maven) May 24, 2022
EC-CUBE Improper access control vulnerability High
CVE-2021-20778 was published for ec-cube/ec-cube (Composer) May 24, 2022
Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management High
CVE-2020-1742 was published for github.com/nmstate/kubernetes-nmstate (Go) May 24, 2022 withdrawn
Improper Privilege Management in Spring Framework High
CVE-2021-22118 was published for org.springframework:spring-web (Maven) May 24, 2022
catch22out
Improper Privilege Management in Azure ms-rest-nodeauth High
CVE-2021-28458 was published for @azure/ms-rest-nodeauth (npm) May 24, 2022
ClusterLabs crmsh vulnerable to shell code injection High
CVE-2020-35459 was published for crmsh (pip) May 24, 2022