GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
29 advisories
Filter by severity
Improper Privilege Management in HashiCorp Nomad
High
CVE-2021-3283
was published
for
github.com/hashicorp/nomad
(Go)
Jun 24, 2021
Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows
High
CVE-2022-29164
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
May 23, 2022
Improper Privilege Management in Cilium
High
CVE-2022-29179
was published
for
github.com/cilium/cilium
(Go)
May 24, 2022
usememos/memos Improper Privilege Management vulnerability
High
CVE-2022-4808
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos makes Incorrect Use of Privileged APIs
High
CVE-2022-4687
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Write access to the catalog for any user when restricted-admin role is enabled in Rancher
High
CVE-2021-4200
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
Privilege escalation in project role template binding (PRTB) and -promoted roles
High
CVE-2022-43759
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Privilege Escalation in Docker
High
CVE-2014-3499
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
High
CVE-2023-29018
was published
for
github.com/open-feature/open-feature-operator
(Go)
Apr 12, 2023
Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management
High
CVE-2020-1742
was published
for
github.com/nmstate/kubernetes-nmstate
(Go)
May 24, 2022
•
withdrawn
Privilege Elevation in runc
High
CVE-2016-3697
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Privilege Escalation on Linux/MacOS
High
CVE-2023-28434
was published
for
github.com/minio/minio
(Go)
Sep 5, 2023
Incorrect Permission Assignment for Critical Resource in Singularity
High
CVE-2019-11328
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
usememos/memos vulnerable to privilege escalation
High
CVE-2023-4697
was published
for
github.com/usememos/memos
(Go)
Sep 1, 2023
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
High
CVE-2024-24747
was published
for
github.com/minio/minio
(Go)
Feb 1, 2024
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
High
CVE-2019-6287
was published
for
github.com/rancher/rancher
(Go)
May 13, 2022
piraeus-operator allows attacker to impersonate service account
High
CVE-2024-33398
was published
for
github.com/piraeusdatastore/piraeus-operator/v2
(Go)
May 3, 2024
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
High
CVE-2024-28197
was published
for
github.com/zitadel/zitadel
(Go)
Mar 11, 2024
AdGuardHome privilege escalation vulnerability
High
CVE-2024-36586
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Jun 13, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
Podman publishes a malicious image to public registries
High
CVE-2022-1227
was published
for
github.com/containers/podman/v3
(Go)
Apr 30, 2022
External Secrets Operator vulnerable to privilege escalation
High
CVE-2024-45041
was published
for
github.com/external-secrets/external-secrets
(Go)
Sep 9, 2024
ZITADEL's User Grant Deactivation not Working
High
CVE-2024-46999
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
ZITADEL's Service Users Deactivation not Working
High
CVE-2024-47000
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
High
CVE-2023-32194
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
ProTip!
Advisories are also available from the
GraphQL API