GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
226 advisories
Filter by severity
Improper Privilege Management in shelljs
Moderate
GHSA-64g7-mvw6-v9qj
was published
for
shelljs
(npm)
Jan 14, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials
Moderate
CVE-2022-23117
was published
for
org.conjur.jenkins:conjur-credentials
(Maven)
Jan 13, 2022
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin
High
CVE-2022-23118
was published
for
ru.yandex.jenkins.plugins.debuilder:debian-package-builder
(Maven)
Jan 13, 2022
Incorrect Permission Assignment for Critical Resource in Singularity
High
CVE-2019-11328
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Privilege Elevation in runc
High
CVE-2016-3697
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Privilege escalation in the Sulu Admin panel
High
CVE-2021-43835
was published
for
sulu/sulu
(Composer)
Dec 15, 2021
APM Java Agent Local Privilege Escalation
High
CVE-2021-37941
was published
for
elastic-apm
(pip)
Dec 9, 2021
Improper Privilege Management in devise_masquerade
High
CVE-2021-28680
was published
for
devise_masquerade
(RubyGems)
Dec 8, 2021
Improper Privilege Management in Concrete CMS
High
CVE-2021-22966
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Improper privilege management in Keycloak
High
CVE-2020-14389
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 10, 2021
Hashicorp Vault Privilege Escalation Vulnerability
Low
CVE-2021-41802
was published
for
github.com/hashicorp/vault
(Go)
Oct 12, 2021
TimelockController vulnerability in OpenZeppelin Contracts
Critical
CVE-2021-39168
was published
for
@openzeppelin/contracts-upgradeable
(npm)
Aug 30, 2021
TimelockController vulnerability in OpenZeppelin Contracts
Critical
CVE-2021-39167
was published
for
@openzeppelin/contracts
(npm)
Aug 30, 2021
Privilege escalation via form generator
High
CVE-2021-37627
was published
for
contao/contao
(Composer)
Aug 23, 2021
Privilege escalation: all users can access Admin-level API keys
Moderate
CVE-2021-39192
was published
for
ghost
(npm)
Jul 22, 2021
Improper Privilege Management in HashiCorp Nomad
High
CVE-2021-3283
was published
for
github.com/hashicorp/nomad
(Go)
Jun 24, 2021
Deserialization of Untrusted Data in Flask-Caching
Moderate
CVE-2021-33026
was published
for
Flask-Caching
(pip)
Jun 18, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Privilege Escalation in Cloud Native Computing Foundation Harbor
Moderate
CVE-2019-19023
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Critical
CVE-2021-21428
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 11, 2021
Privilege escalation in spring security
High
CVE-2021-22112
was published
for
org.springframework.security:spring-security-bom
(Maven)
May 10, 2021
Incorrect Session Validation in Apache Airflow
High
CVE-2020-17526
was published
for
apache-airflow
(pip)
Apr 20, 2021
Any logged in user could edit any other logged in user.
High
CVE-2021-29452
was published
for
@curveball/a12n-server
(npm)
Apr 19, 2021
ProTip!
Advisories are also available from the
GraphQL API