GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Privilege escalation for users with create/update permissions in Global Roles in Rancher
Moderate
CVE-2021-36784
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
Privilege Escalation in Cloud Native Computing Foundation Harbor
Moderate
CVE-2019-19023
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers
Moderate
CVE-2020-2023
was published
for
github.com/kata-containers/agent
(Go)
Feb 15, 2022
Improper Privilege Management in Mattermost
Moderate
CVE-2022-1332
was published
for
github.com/mattermost/mattermost-server/v5
(Go)
Apr 14, 2022
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Moderate
CVE-2023-28436
was published
for
tailscale.com
(Go)
Mar 23, 2023
Ineffective privileges drop when requesting container network
Moderate
CVE-2023-38496
was published
for
github.com/apptainer/apptainer
(Go)
Jul 25, 2023
A potential risk in clusternet which can be leveraged to make a cluster-level privilege escalation
Moderate
CVE-2023-30622
was published
for
github.com/clusternet/clusternet
(Go)
Apr 21, 2023
Grafana privilege escalation vulnerability
Moderate
CVE-2023-4822
was published
for
github.com/grafana/grafana
(Go)
Oct 16, 2023
Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Moderate
CVE-2023-30617
was published
for
github.com/openkruise/kruise
(Go)
Jan 5, 2024
Users with `create` but not `override` privileges can perform local sync
Moderate
CVE-2023-50726
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
golang.org/x/sys/unix has Incorrect privilege reporting in syscall
Moderate
CVE-2022-29526
was published
for
golang.org/x/sys
(Go)
Jun 24, 2022
The Argo CD web terminal session does not handle the revocation of user permissions properly
Moderate
CVE-2024-41666
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Jul 24, 2024
Supplementary groups are not set up properly in github.com/containerd/containerd
Moderate
CVE-2023-25173
was published
for
github.com/containerd/containerd
(Go)
Feb 16, 2023
HashiCorp Vault Improper Privilege Management
Moderate
CVE-2020-10660
was published
for
github.com/hashicorp/vault
(Go)
Jan 30, 2024
OpenShift Controller Manager Improper Privilege Management
Moderate
CVE-2024-45496
was published
for
github.com/openshift/openshift-controller-manager
(Go)
Sep 17, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Moderate
CVE-2024-46989
was published
for
github.com/authzed/spicedb
(Go)
Sep 18, 2024
Kanister vulnerable to cluster-level privilege escalation
Moderate
CVE-2024-43403
was published
for
github.com/kanisterio/kanister
(Go)
Aug 20, 2024
ProTip!
Advisories are also available from the
GraphQL API