GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
43 advisories
Filter by severity
Plone Unauthenticated Write Vulnerability
Critical
CVE-2020-7941
was published
for
Plone
(pip)
May 24, 2022
Apache Spark vulnerable to Improper Privilege Management
Critical
CVE-2023-22946
was published
for
org.apache.spark:spark-core_2.12
(Maven)
Apr 17, 2023
Rancher vulnerable to Privilege Escalation via manipulation of Secrets
Critical
CVE-2023-22647
was published
for
github.com/rancher/rancher
(Go)
Jun 6, 2023
Improper Privilege Management in github.com/sap/cloud-security-client-go
Critical
CVE-2023-50424
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 13, 2023
Improper JWT Signature Validation in SAP Security Services Library
Critical
CVE-2023-50422
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 13, 2023
Improper Privilege Management in sap-xssec
Critical
CVE-2023-50423
was published
for
sap-xssec
(pip)
Dec 13, 2023
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Critical
GHSA-gcgw-q47m-prvj
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
•
withdrawn
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Critical
GHSA-92cg-ghq6-9587
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
•
withdrawn
Duplicate Advisory: Privilege escalation in sap-xssec
Critical
GHSA-p99h-pfg6-qrfg
was published
for
sap-xssec
(pip)
Dec 12, 2023
•
withdrawn
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
OpenShift Controller Manager Improper Privilege Management
Critical
CVE-2024-45496
was published
for
github.com/openshift/openshift-controller-manager
(Go)
Sep 17, 2024
HashiCorp Vault Improper Privilege Management
Critical
CVE-2020-10661
was published
for
github.com/hashicorp/vault
(Go)
Jan 30, 2024
Vela Insecure Defaults
Critical
CVE-2022-39395
was published
for
github.com/go-vela/server
(Go)
Nov 9, 2022
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
Critical
CVE-2024-43401
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Aug 19, 2024
AWS Amplify CLI has incorrect trust policy management
Critical
CVE-2024-28056
was published
for
@aws-amplify/cli
(npm)
Apr 15, 2024
RaspAP allows an attacker to escalate privileges
Critical
CVE-2024-41637
was published
for
billz/raspap-webgui
(Composer)
Jul 29, 2024
Improper Privilege Management in Tomcat
Critical
CVE-2020-1938
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 15, 2020
bbPress unauthenticated privilege-escalation
Critical
CVE-2020-13693
was published
for
bbpress/bbpress
(Composer)
May 24, 2022
Privilege Escalation in kubevirt
Critical
CVE-2020-14316
was published
for
kubevirt.io/kubevirt
(Go)
Apr 24, 2024
phpMyAdmin Improper Privilege Management
Critical
CVE-2017-18264
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 13, 2022
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
Critical
CVE-2017-6925
was published
for
drupal/core
(Composer)
May 13, 2022
Cloud Foundry UAA privilege escalation with user invitations
Critical
CVE-2017-4992
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection
Critical
CVE-2017-11467
was published
for
com.orientechnologies:orientdb-core
(Maven)
Oct 18, 2018
Magento business logic error vulnerability
Critical
CVE-2020-9630
was published
for
magento/community-edition
(Composer)
May 24, 2022
Arbitrary remote code execution within `wrangler dev` Workers sandbox
Critical
CVE-2023-7080
was published
for
wrangler
(npm)
Jan 3, 2024
ProTip!
Advisories are also available from the
GraphQL API