GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
112 advisories
Filter by severity
Downloads Resources over HTTP in cmake
High
CVE-2016-10642
was published
for
cmake
(npm)
Aug 15, 2018
Downloads Resources over HTTP in bionode-sra
High
CVE-2016-10613
was published
for
bionode-sra
(npm)
Feb 18, 2019
Downloads Resources over HTTP in libxl
High
CVE-2016-10585
was published
for
libxl
(npm)
Feb 18, 2019
Downloads Resources over HTTP in node-bsdiff-android
High
CVE-2016-10641
was published
for
node-bsdiff-android
(npm)
Sep 18, 2018
Downloads Resources over HTTP in prince
High
CVE-2016-10591
was published
for
prince
(npm)
Feb 18, 2019
Downloads Resources over HTTP in cobalt-cli
High
CVE-2016-10597
was published
for
cobalt-cli
(npm)
Feb 18, 2019
Downloads Resources over HTTP in openframe-glslviewer
High
CVE-2016-10607
was published
for
openframe-glslviewer
(npm)
Feb 18, 2019
Downloads Resources over HTTP in openframe-image
High
CVE-2016-10616
was published
for
openframe-image
(npm)
Feb 18, 2019
Improper Privilege Management in Apache Karaf
High
CVE-2018-11786
was published
for
org.apache.karaf:apache-karaf
(Maven)
Dec 21, 2018
Improper Privilege Management in HashiCorp Nomad
High
CVE-2021-3283
was published
for
github.com/hashicorp/nomad
(Go)
Jun 24, 2021
Improper Privilege Management in org.apache.hadoop:hadoop-main
High
CVE-2018-11767
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Mar 25, 2019
Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows
High
CVE-2022-29164
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
May 23, 2022
Improper Privilege Management in Concrete CMS
High
CVE-2021-22966
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Improper Privilege Management in Apache Hadoop
High
CVE-2020-9492
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Feb 9, 2022
Improper Privilege Management in MySQL Connectors Java
High
CVE-2018-3258
was published
for
mysql:mysql-connector-java
(Maven)
May 13, 2022
Improper Privilege Management in Elasticsearch
High
CVE-2020-7009
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Any logged in user could edit any other logged in user.
High
CVE-2021-29452
was published
for
@curveball/a12n-server
(npm)
Apr 19, 2021
Improper Privilege Management in Neo4j Graph Database
High
CVE-2021-34802
was published
for
org.neo4j:neo4j-kernel
(Maven)
May 24, 2022
Improper Privilege Management in NocoDB
High
CVE-2022-2063
was published
for
nocodb
(npm)
Jun 14, 2022
Parsing issue in matrix-org/node-irc leading to room takeovers
High
CVE-2022-39203
was published
for
matrix-appservice-irc
(npm)
Sep 15, 2022
npm Vulnerable to Global node_modules Binary Overwrite
High
CVE-2019-16777
was published
for
npm
(npm)
Dec 13, 2019
XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups
High
CVE-2022-31166
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 20, 2022
Improper Privilege Management in Cilium
High
CVE-2022-29179
was published
for
github.com/cilium/cilium
(Go)
May 24, 2022
spring-security-oauth2-client vulnerable to Privilege Escalation
High
CVE-2022-31690
was published
for
org.springframework.security:spring-security-oauth2-client
(Maven)
Nov 1, 2022
ProTip!
Advisories are also available from the
GraphQL API