GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,056
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,618
NuGet: 638
pip: 3,231
Pub: 10
RubyGems: 854
Rust: 817
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
226 advisories
PrestaShop allows users to uninstall modules from backoffice, even with low rights
Severity: Moderate. CVE-2023-43663 was published for prestashop/prestashop (Composer) on Sep 28, 2023.

PrestaShop allows employee without any access rights to list all installed modules
Severity: Moderate. CVE-2023-43664 was published for prestashop/prestashop (Composer) on Sep 28, 2023.

Privilege Escalation on Linux/MacOS
Severity: High. CVE-2023-28434 was published for github.com/minio/minio (Go) on Sep 5, 2023.

usememos/memos vulnerable to privilege escalation
Severity: High. CVE-2023-4697 was published for github.com/usememos/memos (Go) on Sep 1, 2023.

OpenNMS privilege elevation vulnerability
Severity: High. CVE-2023-0872 was published for org.opennms:opennms-webapp-rest (Maven) on Aug 14, 2023.

Ineffective privileges drop when requesting container network
Severity: Moderate. CVE-2023-38496 was published for github.com/apptainer/apptainer (Go) on Jul 25, 2023.

KubePi Privilege Escalation vulnerability
Severity: Critical. CVE-2023-37917 was published for github.com/KubeOperator/kubepi (Go) on Jul 21, 2023.

Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
Severity: High. CVE-2023-30601 was published for org.apache.cassandra:cassandra-all (Maven) on Jul 6, 2023.

Apache InLong Improper Privilege Management vulnerability
Severity: Critical. CVE-2023-31062 was published for org.apache.inlong:manager-dao (Maven) on Jul 6, 2023.

Apache StreamPipes Improper Privilege Management vulnerability
Severity: High. CVE-2023-31469 was published for org.apache.streampipes:streampipes-parent (Maven) on Jun 23, 2023.

XWiki Platform's Mail.MailConfig can be edited by any user with edit rights
Severity: Critical. CVE-2023-34465 was published for org.xwiki.platform:xwiki-platform-mail-send-default (Maven) on Jun 20, 2023.

Rancher vulnerable to Privilege Escalation via manipulation of Secrets
Severity: Critical. CVE-2023-22647 was published for rancher/rancher (Go) on Jun 6, 2023.

Missing "--allow-net" permission check for built-in Node modules
Severity: High. CVE-2023-33966 was published for deno (Rust) on May 31, 2023.

Improper Privilege Management in microweber
Severity: High. CVE-2023-2240 was published for microweber/microweber (Composer) on Apr 22, 2023.

A potential risk in clusternet which can be leveraged to make a cluster-level privilege escalation
Severity: Moderate. CVE-2023-30622 was published for github.com/clusternet/clusternet (Go) on Apr 21, 2023.

Apache Spark vulnerable to Improper Privilege Management
Severity: Critical. CVE-2023-22946 was published for org.apache.spark:spark-core_2.12 (Maven) on Apr 17, 2023.

OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
Severity: High. CVE-2023-29018 was published for github.com/open-feature/open-feature-operator (Go) on Apr 12, 2023.

thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management
Severity: High. CVE-2023-1762 was published for thorsten/phpmyfaq (Composer) on Mar 31, 2023.

Apiman vulnerable to permissions bypass due to missing check on API key URL
Severity: Moderate. CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) on Mar 27, 2023.

Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Severity: Moderate. CVE-2023-28436 was published for tailscale.com (Go) on Mar 23, 2023.

Company admin role gives excessive privileges in eZ Platform Ibexa
Severity: High. CVE-2022-48365 was published for ezsystems/ezplatform-kernel (Composer) on Mar 12, 2023.

xwiki-platform vulnerable to Remote Code Execution in Annotations
Severity: Critical. CVE-2023-26475 was published for org.xwiki.platform:xwiki-platform-annotation-ui (Maven) on Mar 2, 2023.

Improper Privilege Management in Apache Sling
Severity: Moderate. CVE-2023-25621 was published for org.apache.sling:org.apache.sling.i18n (Maven) on Feb 23, 2023.

Privilege escalation in Strongbox
Severity: Moderate. GHSA-mhgm-52vg-pvvc was published for com.schibsted.security:strongbox-sdk (Maven) on Feb 16, 2023.

Supplementary groups are not set up properly in github.com/containerd/containerd
Severity: Moderate. CVE-2023-25173 was published for github.com/containerd/containerd (Go) on Feb 16, 2023.
ProTip! Advisories are also available from the GraphQL API.