GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
68 advisories
Filter by severity
Improper Authentication in Keycloak
High
CVE-2018-14637
was published
for
org.keycloak:keycloak-core
(Maven)
Dec 21, 2018
Improper Authorization in org.apache.hbase:hbase
High
CVE-2019-0212
was published
for
org.apache.hbase:hbase
(Maven)
Apr 2, 2019
Privilege escalation vulnerability in Apache Hadoop
High
CVE-2018-8029
was published
for
org.apache.hadoop:hadoop-main
(Maven)
May 31, 2019
Malicious takeover of previously owned ENS names
High
CVE-2020-5232
was published
for
@ensdomains/ens
(npm)
Jan 30, 2020
Information disclosure in parse-server
High
CVE-2020-5251
was published
for
parse-server
(npm)
Mar 4, 2020
Firewall configured with unanimous strategy was not actually unanimous in Symfony
High
CVE-2020-5275
was published
for
symfony/security
(Composer)
Mar 30, 2020
Read permissions not enforced for client provided filter expressions in Elide.
High
CVE-2020-5289
was published
for
com.yahoo.elide:elide-core
(Maven)
Mar 30, 2020
Authorization bypass in express-jwt
High
CVE-2020-15084
was published
for
express-jwt
(npm)
Jun 30, 2020
Privilege escalation in Presto
High
CVE-2020-15087
was published
for
io.prestosql:presto-server
(Maven)
Jun 30, 2020
Improper Authorization in loopback
High
GHSA-8wgc-jjvv-cv6v
was published
for
loopback
(npm)
Sep 2, 2020
Improper Authorization in googleapis
High
GHSA-7543-mr7h-6v86
was published
for
googleapis
(npm)
Sep 2, 2020
Improper Authorization in @sap-cloud-sdk/core
High
GHSA-r2vw-jgq9-jqx2
was published
for
@sap-cloud-sdk/core
(npm)
Sep 3, 2020
Dynamic modification of RPyC service due to missing security check
High
CVE-2019-16328
was published
for
rpyc
(pip)
Feb 17, 2021
XWiki users registered with email verification can self re-activate their disabled accounts
High
CVE-2021-32620
was published
for
org.xwiki.commons:xwiki-commons-core
(Maven)
May 18, 2021
Information Exposure in Docker Engine
High
CVE-2015-3630
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Reject unauthorized access with GitHub PATs
High
CVE-2021-21432
was published
for
github.com/go-vela/server
(Go)
Feb 15, 2022
Arbitrary Code Execution
High
CVE-2014-9357
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Improper Authorization in librenms
High
CVE-2022-0587
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Duplicate Advisory: Improper Authorization in Gogs
High
GHSA-65f3-3278-7m65
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
•
withdrawn
go.etcd.io/etcd Authentication Bypass
High
CVE-2018-16886
was published
for
go.etcd.io/etcd
(Go)
Apr 12, 2022
Write access to the catalog for any user when restricted-admin role is enabled in Rancher
High
CVE-2021-4200
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
Improper Authorization in Jenkins Core
High
CVE-2019-1003004
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Authorization in Jenkins Core
High
CVE-2019-1003003
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Authorization in Apache Xalan-Java
High
CVE-2014-0107
was published
for
xalan:xalan
(Maven)
May 13, 2022
Moodle all messaging conversations could be viewed
High
CVE-2019-10154
was published
for
moodle/moodle
(Composer)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API