GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
226 advisories
Privilege escalation in Apache ShenYu
High: CVE-2022-42735 was published for org.apache.shenyu:shenyu-admin (Maven) on Feb 15, 2023

Privilege escalation in project role template binding (PRTB) and -promoted roles
High: CVE-2022-43759 was published for github.com/rancher/rancher (Go) on Jan 25, 2023

Issue with whitespace in JWT roles in OpenSearch
Moderate: CVE-2023-23612 was published for org.opensearch:opensearch-security (Maven) on Jan 24, 2023

usememos/memos Improper Privilege Management vulnerability
High: CVE-2022-4808 was published for github.com/usememos/memos (Go) on Dec 28, 2022

usememos/memos makes Incorrect Use of Privileged APIs
High: CVE-2022-4687 was published for github.com/usememos/memos (Go) on Dec 23, 2022

Sentry vulnerable to invite code reuse via cookie manipulation
Moderate: CVE-2022-23485 was published for sentry (pip) on Dec 12, 2022

Improper Privilege Management in rdiffweb
Critical: CVE-2022-4314 was published for rdiffweb (pip) on Dec 12, 2022

Dolibarr vulnerable to privilege escalation
Critical: CVE-2022-43138 was published for dolibarr/dolibarr (Composer) on Nov 17, 2022

Vela Insecure Defaults
Critical: CVE-2022-39395 was published for github.com/go-vela/server (Go) on Nov 9, 2022

spring-security-oauth2-client vulnerable to Privilege Escalation
High: CVE-2022-31690 was published for org.springframework.security:spring-security-oauth2-client (Maven) on Nov 1, 2022

Execution with Unnecessary Privileges in JupyterApp
High: CVE-2022-39286 was published for jupyter-core (pip) on Oct 26, 2022

OctoPrint Improper Privilege Management vulnerability
High: CVE-2022-3068 was published for OctoPrint (pip) on Sep 22, 2022

XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups
High: CVE-2022-31166 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) on Sep 20, 2022

matrix-appservice-irc vulnerable to IRC mode parameter confusion
Moderate: CVE-2022-39202 was published for matrix-appservice-irc (npm) on Sep 15, 2022

Parsing issue in matrix-org/node-irc leading to room takeovers
High: CVE-2022-39203 was published for matrix-appservice-irc (npm) on Sep 15, 2022

Improper Privilege Management in com.xuxueli:xxl-job
High: CVE-2022-36157 was published for com.xuxueli:xxl-job (Maven) on Aug 20, 2022

Byobu user preference to prevent private discussions being started are not respected
Low: CVE-2022-35921 was published for fof/byobu (Composer) on Aug 6, 2022

golang.org/x/sys/unix has Incorrect privilege reporting in syscall
Moderate: CVE-2022-29526 was published for golang.org/x/sys (Go) on Jun 24, 2022

Improper Privilege Management in NocoDB
High: CVE-2022-2063 was published for nocodb (npm) on Jun 14, 2022

Improper Privilege Management in Cilium
High: CVE-2022-29179 was published for github.com/cilium/cilium (Go) on May 24, 2022

Improper Privilege Management in Neo4j Graph Database
High: CVE-2021-34802 was published for org.neo4j:neo4j-kernel (Maven) on May 24, 2022

EC-CUBE Improper access control vulnerability
High: CVE-2021-20778 was published for ec-cube/ec-cube (Composer) on May 24, 2022

Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management
High: CVE-2020-1742 was published for github.com/nmstate/kubernetes-nmstate (Go) on May 24, 2022 (withdrawn)

Improper Privilege Management in Spring Framework
High: CVE-2021-22118 was published for org.springframework:spring-web (Maven) on May 24, 2022

Improper Privilege Management in Azure ms-rest-nodeauth
High: CVE-2021-28458 was published for @azure/ms-rest-nodeauth (npm) on May 24, 2022
ProTip! Advisories are also available from the GraphQL API.