GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers
Moderate
CVE-2020-2023
was published
for
github.com/kata-containers/agent
(Go)
Feb 15, 2022
Authentication Bypass in keycloak
High
CVE-2020-27826
was published
for
org.keycloak:keycloak-core
(Maven)
Mar 18, 2022
kOps privilege escalation vulnerability
High
CVE-2023-1943
was published
for
k8s.io/kops
(Go)
Oct 12, 2023
Wings vulnerable to escape to host from installation container
Critical
CVE-2023-32080
was published
for
github.com/pterodactyl/wings
(Go)
May 11, 2023
Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Moderate
CVE-2023-30617
was published
for
github.com/openkruise/kruise
(Go)
Jan 5, 2024
Submariner Operator sets unnecessary RBAC permissions in helm charts
Moderate
CVE-2024-5042
was published
for
github.com/submariner-io/submariner-operator
(Go)
May 17, 2024
Apache Airflow vulnerable to Execution with Unnecessary Privileges
High
CVE-2024-45034
was published
for
apache-airflow
(pip)
Sep 7, 2024
Execution with Unnecessary Privileges in JupyterApp
High
CVE-2022-39286
was published
for
jupyter-core
(pip)
Oct 26, 2022
Execution with Unnecessary Privileges in ipython
High
CVE-2022-21699
was published
for
ipython
(pip)
Jan 21, 2022
open-webui Insecure Direct Object Reference (IDOR) vulnerability
Moderate
CVE-2024-7041
was published
for
open-webui
(pip)
Oct 9, 2024
Local Privilege Escalation in PyInstaller
High
CVE-2019-16784
was published
for
PyInstaller
(pip)
Jan 16, 2020
Code Injection, Race Condition, and Execution with Unnecessary Privileges in Ansible
Moderate
CVE-2020-10684
was published
for
ansible
(pip)
Apr 7, 2021
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer
Moderate
CVE-2024-7387
was published
for
github.com/openshift/builder
(Go)
Sep 17, 2024
ProTip!
Advisories are also available from the
GraphQL API