GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
137 advisories
Filter by severity
Deno arbitrary file descriptor close via `op_node_ipc_pipe()` leading to permission prompt bypass
High
CVE-2024-27933
was published
for
deno
(Rust)
Mar 6, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27138
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27139
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
OpenRefine JDBC Attack Vulnerability
High
CVE-2024-23833
was published
for
org.openrefine:database
(Maven)
Feb 12, 2024
Velocity execution without script right through tree macro
High
CVE-2023-50732
was published
for
org.xwiki.platform:xwiki-platform-index-tree-macro
(Maven)
Dec 19, 2023
Apache Superset incorrect write permissions vulnerability
High
CVE-2023-49734
was published
for
apache-superset
(pip)
Dec 19, 2023
Apache Superset - Elevation of Privilege
High
CVE-2023-40610
was published
for
apache-superset
(pip)
Nov 28, 2023
SaToken authentication bypass vulnerability
High
CVE-2023-43961
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Quarkus HTTP vulnerable to incorrect evaluation of permissions
High
CVE-2023-4853
was published
for
io.quarkus:quarkus-csrf-reactive
(Maven)
Sep 20, 2023
Field injection in the KirbyData text storage handler
High
CVE-2023-38488
was published
for
getkirby/cms
(Composer)
Jul 28, 2023
Paths contain matrix variables bypass decorators
High
CVE-2023-38493
was published
for
com.linecorp.armeria:armeria
(Maven)
Jul 25, 2023
Spring Security's authorization rules can be misconfigured when using multiple servlets
High
CVE-2023-34035
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 18, 2023
Apache Airflow Incorrect Authorization vulnerability
High
CVE-2023-35908
was published
for
apache-airflow
(pip)
Jul 12, 2023
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization
High
CVE-2023-30428
was published
for
org.apache.pulsar:pulsar-broker
(Maven)
Jul 12, 2023
XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel
High
CVE-2023-35166
was published
for
org.xwiki.platform:xwiki-platform-help-ui
(Maven)
Jun 20, 2023
Rancher users retain access after moving namespaces into projects they don't have access to
High
CVE-2020-10676
was published
for
github.com/rancher/rancher
(Go)
Jun 6, 2023
Mattermost Incorrect Authorization vulnerability
High
CVE-2023-2515
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
May 12, 2023
On a compromised node, the virt-handler service account can be used to modify all node specs
High
CVE-2023-26484
was published
for
kubevirt.io/kubevirt
(Go)
Mar 16, 2023
Incorrect Authorization in Jenkins Core
High
CVE-2023-27899
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Mar 10, 2023
api-platform/core's secured properties may be accessible within collections
High
CVE-2023-25575
was published
for
api-platform/core
(Composer)
Feb 28, 2023
KubeOperator allows unauthorized access to system API
High
CVE-2023-22480
was published
for
github.com/KubeOperator/KubeOperator
(Go)
Jan 9, 2023
Uniswap Universal Router Incorrect Authorization vulnerability
High
CVE-2022-48216
was published
for
@uniswap/universal-router
(npm)
Jan 4, 2023
destiny.gg chat vulnerable to cross-site request forgery
High
CVE-2020-36625
was published
for
github.com/destinygg/chat
(Go)
Dec 22, 2022
Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace
High
CVE-2022-46167
was published
for
github.com/clastix/capsule
(Go)
Dec 5, 2022
Istio may allow identity impersonation if user has localhost access
High
CVE-2022-39388
was published
for
github.com/istio/istio
(Go)
Nov 9, 2022
ProTip!
Advisories are also available from the
GraphQL API