GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
Critical
CVE-2024-43401
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Aug 19, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Moderate
CVE-2024-44076
was published
for
io.github.microcks:microcks-app
(Maven)
Aug 19, 2024
Apache Linkis vulnerable to privilege escalation
Moderate
CVE-2024-27181
was published
for
org.apache.linkis:linkis
(Maven)
Aug 2, 2024
Neo4j Cypher component mishandles IMMUTABLE privileges
Moderate
CVE-2024-34517
was published
for
org.neo4j:neo4j-cypher
(Maven)
May 7, 2024
Improper Privilege Management in Tomcat
Critical
CVE-2020-1938
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 15, 2020
Jenkins Git server Plugin does not perform a permission check
Moderate
CVE-2024-34146
was published
for
org.jenkins-ci.plugins:git-server
(Maven)
May 2, 2024
Keycloak's admin API allows low privilege users to use administrative functions
High
CVE-2024-3656
was published
for
org.keycloak:keycloak-services
(Maven)
Jun 11, 2024
Cloud Foundry UAA password reset vulnerability
High
CVE-2017-4991
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Authorization bypass in org.springframework.security.oauth:spring-security-oauth2
High
CVE-2018-15758
was published
for
org.springframework.security.oauth:spring-security-oauth2
(Maven)
Oct 19, 2018
Cloud Foundry UAA Privilege Escalation
High
CVE-2017-4973
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry UAA privilege escalation with user invitations
Critical
CVE-2017-4992
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Cloud Foundry UAA Identity Zone Admin Privilege Escalation
Moderate
CVE-2017-8032
was published
for
org.cloudfoundry.identity:cloudfoundry-identity-server
(Maven)
May 13, 2022
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs
High
CVE-2023-30601
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Jul 6, 2023
OrientDB vulnerable to Improper Privilage Management leading to arbitrary command injection
Critical
CVE-2017-11467
was published
for
com.orientechnologies:orientdb-core
(Maven)
Oct 18, 2018
Improper Privilege Management in Jenkins Config File Provider Plugin
Moderate
CVE-2017-1000104
was published
for
org.jenkins-ci.plugins:config-file-provider
(Maven)
May 13, 2022
Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks
Moderate
CVE-2018-1999032
was published
for
org.jenkins-ci.plugins:pangolin-testrail-connector
(Maven)
May 13, 2022
Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass
High
CVE-2018-1000866
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 13, 2022
Improper JWT Signature Validation in SAP Security Services Library
Critical
CVE-2023-50422
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
Improper Privilege Management in Jenkins
High
CVE-2018-1000865
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Improper JWT Signature Validation in SAP Security Services Library
Critical
GHSA-59c9-pxq8-9c73
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 13, 2023
APM Java Agent Local Privilege Escalation issue
High
CVE-2021-37942
was published
for
co.elastic.apm:apm-agent-parent
(Maven)
Nov 22, 2023
Improper Privilege Management in com.xuxueli:xxl-job
High
CVE-2022-36157
was published
for
com.xuxueli:xxl-job
(Maven)
Aug 20, 2022
Apache InLong Improper Privilege Management vulnerability
Critical
CVE-2023-31062
was published
for
org.apache.inlong:manager-dao
(Maven)
Jul 6, 2023
Apache StreamPipes Improper Privilege Management vulnerability
High
CVE-2023-31469
was published
for
org.apache.streampipes:streampipes-parent
(Maven)
Jun 23, 2023
OpenNMS privilege elevation vulnerability
High
CVE-2023-0872
was published
for
org.opennms:opennms-webapp-rest
(Maven)
Aug 14, 2023
ProTip!
Advisories are also available from the
GraphQL API