GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
Improper Authorization in Apache Shiro
Critical
CVE-2022-32532
was published
for
org.apache.shiro:shiro-core
(Maven)
Jun 30, 2022
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical
CVE-2019-10458
was published
for
org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline
(Maven)
May 24, 2022
Field-level access-control bypass for multiselect field
Critical
CVE-2022-39322
was published
for
@keystone-6/core
(npm)
Oct 18, 2022
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Critical
CVE-2021-32619
was published
for
deno
(Rust)
Sep 23, 2021
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Critical
CVE-2022-35924
was published
for
next-auth
(npm)
Aug 2, 2022
Spring Security authorization rules can be bypassed via forward or include dispatcher types
Critical
CVE-2022-31692
was published
for
org.springframework.security:spring-security-core
(Maven)
Nov 1, 2022
Potential session hijack in Apache CXF
Critical
CVE-2019-12419
was published
for
org.apache.cxf:cxf
(Maven)
Nov 8, 2019
Incorrect Authorization in Apache Solr
Critical
CVE-2021-29943
was published
for
org.apache.solr:solr-parent
(Maven)
May 10, 2021
Incorrect Authorization in Apache Ozone
Critical
CVE-2021-39233
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Improper Access Control in Webauthn Framework
Critical
CVE-2021-38299
was published
for
web-auth/webauthn-framework
(Composer)
Sep 29, 2021
Incorrect Authorization in latte/latte
Critical
CVE-2021-23803
was published
for
latte/latte
(Composer)
Jan 6, 2022
Pebble Templates protection mechanism bypass can lead to arbitrary code execution
Critical
CVE-2022-37767
was published
for
io.pebbletemplates:pebble
(Maven)
Sep 13, 2022
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments
Critical
CVE-2022-0482
was published
for
alextselegidis/easyappointments
(Composer)
Mar 10, 2022
Access Control vulnerability within CoreNLP
Critical
CVE-2021-44550
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
Feb 25, 2022
JWT audience claim is not verified
Critical
CVE-2023-22482
was published
for
github.com/argoproj/argo-cd
(Go)
Jan 25, 2023
Incorrect Authorization in Apache Solr
Critical
CVE-2020-13957
was published
for
org.apache.solr:solr-parent
(Maven)
Feb 10, 2022
Users with any cluster secret update access may update out-of-bounds cluster secrets
Critical
CVE-2023-23947
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 16, 2023
Privilege escalation in MOSN
Critical
CVE-2021-32163
was published
for
mosn.io/mosn
(Go)
Feb 17, 2023
Dompdf vulnerable to URI validation failure on SVG parsing
Critical
CVE-2023-23924
was published
for
dompdf/dompdf
(Composer)
Feb 1, 2023
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Critical
CVE-2022-47408
was published
for
fixpunkt/fp-newsletter
(Composer)
Dec 14, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature
Critical
CVE-2022-1245
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 26, 2022
Sandbox bypass leading to arbitrary code execution in Deno
Critical
CVE-2022-24783
was published
for
deno
(Rust)
Mar 29, 2022
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
Critical
CVE-2019-10417
was published
for
io.fabric8.pipeline:kubernetes-pipeline-steps
(Maven)
May 24, 2022
Duplicate Advisory: Incorrect Authorization in Gerapy
Critical
CVE-2021-44597
was published
for
gerapy
(pip)
Mar 11, 2022
•
withdrawn
Incorrect Authorization in serverless-offline
Critical
CVE-2021-38384
was published
for
serverless-offline
(npm)
Sep 1, 2021
ProTip!
Advisories are also available from the
GraphQL API