GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+
226 advisories
Filter by severity
Improper Access Control in Apache Airflow
Moderate
CVE-2021-26559
was published
for
apache-airflow
(pip)
Apr 7, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Pleaser privilege escalation vulnerability
High
CVE-2023-46277
was published
for
pleaser
(Rust)
Oct 20, 2023
Incorrect Session Validation in Apache Airflow
High
CVE-2020-17526
was published
for
apache-airflow
(pip)
Apr 20, 2021
External Secrets Operator vulnerable to privilege escalation
High
CVE-2024-45041
was published
for
github.com/external-secrets/external-secrets
(Go)
Sep 9, 2024
Calico privilege escalation vulnerability
Moderate
CVE-2024-33522
was published
for
github.com/projectcalico/calico
(Go)
Apr 30, 2024
Supplementary groups are not set up properly in github.com/containerd/containerd
Moderate
CVE-2023-25173
was published
for
github.com/containerd/containerd
(Go)
Feb 16, 2023
Vela Insecure Defaults
Critical
CVE-2022-39395
was published
for
github.com/go-vela/server
(Go)
Nov 9, 2022
Celery local privilege escalation vulnerability
Moderate
CVE-2011-4356
was published
for
celery
(pip)
May 17, 2022
Improper Privilege Management in apache-airflow
Moderate
CVE-2021-45230
was published
for
apache-airflow
(pip)
Jan 28, 2022
Kanister vulnerable to cluster-level privilege escalation
High
CVE-2024-43403
was published
for
github.com/kanisterio/kanister
(Go)
Aug 20, 2024
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
Critical
CVE-2024-43401
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Aug 19, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access
Moderate
CVE-2024-44076
was published
for
io.github.microcks:microcks-app
(Maven)
Aug 19, 2024
AWS Amplify CLI has incorrect trust policy management
Critical
CVE-2024-28056
was published
for
@aws-amplify/cli
(npm)
Apr 15, 2024
Harbor fails to validate the user permissions when updating project configurations
Moderate
CVE-2024-22278
was published
for
github.com/goharbor/harbor
(Go)
Jul 31, 2024
The Argo CD web terminal session does not handle the revocation of user permissions properly
Moderate
CVE-2024-41666
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Jul 24, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
AdGuardHome privilege escalation vulnerability
High
CVE-2024-36586
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Jun 13, 2024
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
High
CVE-2023-32194
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
High
CVE-2024-28197
was published
for
github.com/zitadel/zitadel
(Go)
Mar 11, 2024
Rancher's External RoleTemplates can lead to privilege escalation
Moderate
CVE-2023-32196
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Grafana's users with permissions to create a data source can CRUD all data sources
Moderate
CVE-2024-1442
was published
for
github.com/grafana/grafana
(Go)
Mar 7, 2024
biscuit-auth vulnerable to public key confusion in third party block
Low
CVE-2024-41949
was published
for
biscuit-auth
(Rust)
Jul 31, 2024
RaspAP allows an attacker to escalate privileges
Critical
CVE-2024-41637
was published
for
billz/raspap-webgui
(Composer)
Jul 29, 2024
Apache Linkis vulnerable to privilege escalation
Moderate
CVE-2024-27181
was published
for
org.apache.linkis:linkis
(Maven)
Aug 2, 2024
ProTip!
Advisories are also available from the
GraphQL API