GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

226 advisories

Improper Privilege Management in shelljs Moderate
GHSA-64g7-mvw6-v9qj was published for shelljs (npm) Jan 14, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials Moderate
CVE-2022-23117 was published for org.conjur.jenkins:conjur-credentials (Maven) Jan 13, 2022
NotMyFault
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
Incorrect Permission Assignment for Critical Resource in Singularity High
CVE-2019-11328 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
Privilege Elevation in runc High
CVE-2016-3697 was published for github.com/opencontainers/runc (Go) Dec 20, 2021
Privilege escalation in the Sulu Admin panel High
CVE-2021-43835 was published for sulu/sulu (Composer) Dec 15, 2021
APM Java Agent Local Privilege Escalation High
CVE-2021-37941 was published for elastic-apm (pip) Dec 9, 2021
Improper Privilege Management in devise_masquerade High
CVE-2021-28680 was published for devise_masquerade (RubyGems) Dec 8, 2021
Improper Privilege Management in Concrete CMS High
CVE-2021-22966 was published for concrete5/core (Composer) Nov 23, 2021
Improper privilege management in Keycloak High
CVE-2020-14389 was published for org.keycloak:keycloak-core (Maven) Nov 10, 2021
Hashicorp Vault Privilege Escalation Vulnerability Low
CVE-2021-41802 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
TimelockController vulnerability in OpenZeppelin Contracts Critical
CVE-2021-39168 was published for @openzeppelin/contracts-upgradeable (npm) Aug 30, 2021
TimelockController vulnerability in OpenZeppelin Contracts Critical
CVE-2021-39167 was published for @openzeppelin/contracts (npm) Aug 30, 2021
Permissions bypass in pleaser High
CVE-2021-31155 was published for pleaser (Rust) Aug 25, 2021
michaelkedar
Privilege escalation via form generator High
CVE-2021-37627 was published for contao/contao (Composer) Aug 23, 2021
ausi
Privilege escalation: all users can access Admin-level API keys Moderate
CVE-2021-39192 was published for ghost (npm) Jul 22, 2021
zn9988
Improper Privilege Management in HashiCorp Nomad High
CVE-2021-3283 was published for github.com/hashicorp/nomad (Go) Jun 24, 2021
Deserialization of Untrusted Data in Flask-Caching Moderate
CVE-2021-33026 was published for Flask-Caching (pip) Jun 18, 2021
fluffy-critter
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Privilege Escalation in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19023 was published for github.com/goharbor/harbor (Go) May 18, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code Moderate
CVE-2021-21430 was published for org.openapitools:openapi-generator (Maven) May 11, 2021
JLLeitschuh
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator Critical
CVE-2021-21428 was published for org.openapitools:openapi-generator-online (Maven) May 11, 2021
JLLeitschuh
Privilege escalation in spring security High
CVE-2021-22112 was published for org.springframework.security:spring-security-bom (Maven) May 10, 2021
Incorrect Session Validation in Apache Airflow High
CVE-2020-17526 was published for apache-airflow (pip) Apr 20, 2021
sunSUNQ
Any logged in user could edit any other logged in user. High
CVE-2021-29452 was published for @curveball/a12n-server (npm) Apr 19, 2021