GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
55 advisories
Filter by severity
External Secrets Operator vulnerable to privilege escalation
High
CVE-2024-45041
was published
for
github.com/external-secrets/external-secrets
(Go)
Sep 9, 2024
Calico privilege escalation vulnerability
Moderate
CVE-2024-33522
was published
for
github.com/projectcalico/calico
(Go)
Apr 30, 2024
Supplementary groups are not set up properly in github.com/containerd/containerd
Moderate
CVE-2023-25173
was published
for
github.com/containerd/containerd
(Go)
Feb 16, 2023
Vela Insecure Defaults
Critical
CVE-2022-39395
was published
for
github.com/go-vela/server
(Go)
Nov 9, 2022
Kanister vulnerable to cluster-level privilege escalation
High
CVE-2024-43403
was published
for
github.com/kanisterio/kanister
(Go)
Aug 20, 2024
Harbor fails to validate the user permissions when updating project configurations
Moderate
CVE-2024-22278
was published
for
github.com/goharbor/harbor
(Go)
Jul 31, 2024
The Argo CD web terminal session does not handle the revocation of user permissions properly
Moderate
CVE-2024-41666
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Jul 24, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
AdGuardHome privilege escalation vulnerability
High
CVE-2024-36586
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Jun 13, 2024
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
High
CVE-2023-32194
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
High
CVE-2024-28197
was published
for
github.com/zitadel/zitadel
(Go)
Mar 11, 2024
Rancher's External RoleTemplates can lead to privilege escalation
Moderate
CVE-2023-32196
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Grafana's users with permissions to create a data source can CRUD all data sources
Moderate
CVE-2024-1442
was published
for
github.com/grafana/grafana
(Go)
Mar 7, 2024
piraeus-operator allows attacker to impersonate service account
High
CVE-2024-33398
was published
for
github.com/piraeusdatastore/piraeus-operator/v2
(Go)
May 3, 2024
Podman publishes a malicious image to public registries
High
CVE-2022-1227
was published
for
github.com/containers/podman/v3
(Go)
Apr 30, 2022
Podman affected by CVE-2024-1753 container escape at build time
High
CVE-2024-1753
was published
for
github.com/containers/podman/v4
(Go)
Mar 28, 2024
Improper Privilege Management in github.com/sap/cloud-security-client-go
Critical
GHSA-m8rw-rcpq-2vp2
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 13, 2023
Privilege escalation in sap/cloud-security-client-go
Critical
CVE-2023-50424
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
golang.org/x/sys/unix has Incorrect privilege reporting in syscall
Moderate
CVE-2022-29526
was published
for
golang.org/x/sys
(Go)
Jun 24, 2022
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
High
CVE-2019-6287
was published
for
github.com/rancher/rancher
(Go)
May 13, 2022
Privilege Escalation in kubevirt
Critical
CVE-2020-14316
was published
for
kubevirt.io/kubevirt
(Go)
Apr 24, 2024
Users with `create` but not `override` privileges can perform local sync
Moderate
CVE-2023-50726
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
High
CVE-2024-24747
was published
for
github.com/minio/minio
(Go)
Feb 1, 2024
HashiCorp Vault Improper Privilege Management
Moderate
CVE-2020-10660
was published
for
github.com/hashicorp/vault/vault
(Go)
Jan 30, 2024
HashiCorp Vault Improper Privilege Management
Critical
CVE-2020-10661
was published
for
github.com/hashicorp/vault/vault
(Go)
Jan 30, 2024
ProTip!
Advisories are also available from the
GraphQL API