GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
137 advisories
Filter by severity
TShock Security Escalation Exploit
High
GHSA-hvm9-wc8j-mgrc
was published
for
TShock
(NuGet)
Dec 18, 2024
Apache Ozone: Improper authentication when generating S3 secrets
High
CVE-2024-45106
was published
for
org.apache.ozone:ozone
(Maven)
Dec 3, 2024
OpenStack Identity service (keystone) Incorrect Authorization
High
CVE-2017-2673
was published
for
keystone
(pip)
May 13, 2022
OpenStack Compute Nova Unauthorised access to arbitrary VM using VNC token from deleted VM
High
CVE-2013-0335
was published
for
Nova
(pip)
May 5, 2022
Harbor fails to validate the user permissions when updating tag retention policies
High
CVE-2022-31670
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
trytond Incorrect Authorization vulnerability
High
CVE-2012-2238
was published
for
trytond
(pip)
Apr 23, 2022
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
High
CVE-2024-44076
was published
for
io.github.microcks:microcks-app
(Maven)
Aug 19, 2024
Apache Kafka: Potential incorrect access control during migration from ZK mode to KRaft mode
High
CVE-2024-27309
was published
for
org.apache.kafka:kafka-metadata
(Maven)
Apr 12, 2024
ZITADEL's actions can overload reserved claims
High
CVE-2024-29892
was published
for
github.com/zitadel/zitadel
(Go)
Mar 28, 2024
Apache Airflow Incorrect Authorization vulnerability
High
CVE-2023-35908
was published
for
apache-airflow
(pip)
Jul 12, 2023
Incorrect Authorization in calibreweb
High
CVE-2022-0273
was published
for
calibreweb
(pip)
Jan 31, 2022
Autolab Misconfigured Reset Password Permissions
High
CVE-2024-49376
was published
for
Autolab
(RubyGems)
Oct 25, 2024
Parse Server's custom object ID allows to acquire role privileges
High
CVE-2024-47183
was published
for
parse-server
(npm)
Oct 4, 2024
Kyverno's PolicyException objects can be created in any namespace by default
High
CVE-2024-48921
was published
for
github.com/kyverno/kyverno
(Go)
Oct 29, 2024
NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects
High
CVE-2022-29946
was published
for
github.com/nats-io/nats-server/v2
(Go)
Jul 11, 2024
phpBB 3.0.7 allows remote attackers to bypass intended access restrictions
High
CVE-2010-1627
was published
for
phpbb/phpbb
(Composer)
May 17, 2022
Salt's PAM auth fails to reject locked accounts
High
CVE-2022-22967
was published
for
salt
(pip)
Jun 25, 2022
OpenRefine JDBC Attack Vulnerability
High
CVE-2024-23833
was published
for
org.openrefine:database
(Maven)
Feb 12, 2024
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-45132
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Plone and Zope2 vulnerable to unauthorized access to restricted attributes
High
CVE-2012-5489
was published
for
Plone
(pip)
Jul 23, 2018
Pomerium service account access token may grant unintended access to databroker API
High
CVE-2024-47616
was published
for
github.com/pomerium/pomerium
(Go)
Oct 2, 2024
Paramiko Authentication Bypass vulnerability
High
CVE-2018-1000805
was published
for
paramiko
(pip)
Oct 10, 2018
OpenStack Neutron vulnerable to hardware address impersonation
High
CVE-2021-38598
was published
for
neutron
(pip)
May 24, 2022
Base class whitelist configuration ignored in OAuthenticator
High
CVE-2020-26250
was published
for
oauthenticator
(pip)
Dec 1, 2020
Arbitrary file overwrite in OpenStack Nova
High
CVE-2012-3447
was published
for
nova
(pip)
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API