Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

271 advisories

Loading
Execution with Unnecessary Privileges in JupyterApp High
CVE-2022-39286 was published for jupyter-core (pip) Oct 26, 2022
NuGet Elevation of Privilege Vulnerability High
CVE-2022-41032 was published for NuGet.CommandLine (NuGet) Oct 11, 2022
kartheekp-ms JarLob
Credited to kartheekp-ms and JarLob
Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module Moderate
CVE-2022-38512 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 23, 2022
OctoPrint Improper Privilege Management vulnerability High
CVE-2022-3068 was published for OctoPrint (pip) Sep 22, 2022
XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups High
CVE-2022-31166 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 20, 2022
matrix-appservice-irc vulnerable to IRC mode parameter confusion Moderate
CVE-2022-39202 was published for matrix-appservice-irc (npm) Sep 15, 2022
Parsing issue in matrix-org/node-irc leading to room takeovers High
CVE-2022-39203 was published for matrix-appservice-irc (npm) Sep 15, 2022
wonda-tea-coffee
Credited to wonda-tea-coffee
Improper Privilege Management in com.xuxueli:xxl-job High
CVE-2022-36157 was published for com.xuxueli:xxl-job (Maven) Aug 20, 2022
MarkLee131
Credited to MarkLee131
Byobu user preference to prevent private discussions being started are not respected Low
CVE-2022-35921 was published for fof/byobu (Composer) Aug 6, 2022
golang.org/x/sys/unix has Incorrect privilege reporting in syscall Moderate
CVE-2022-29526 was published for golang.org/x/sys (Go) Jun 24, 2022
Improper Privilege Management in NocoDB High
CVE-2022-2063 was published for nocodb (npm) Jun 14, 2022
Improper Privilege Management in Cilium High
CVE-2022-29179 was published for github.com/cilium/cilium (Go) May 24, 2022
Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers High
CVE-2021-33335 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Improper Privilege Management in Neo4j Graph Database High
CVE-2021-34802 was published for org.neo4j:neo4j-kernel (Maven) May 24, 2022
EC-CUBE Improper access control vulnerability High
CVE-2021-20778 was published for ec-cube/ec-cube (Composer) May 24, 2022
Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management High
CVE-2020-1742 was published for github.com/nmstate/kubernetes-nmstate (Go) May 24, 2022 withdrawn
Improper Privilege Management in Spring Framework High
CVE-2021-22118 was published for org.springframework:spring-web (Maven) May 24, 2022
catch22out
Credited to catch22out
Improper Privilege Management in Azure ms-rest-nodeauth High
CVE-2021-28458 was published for @azure/ms-rest-nodeauth (npm) May 24, 2022
ClusterLabs crmsh vulnerable to shell code injection High
CVE-2020-35459 was published for crmsh (pip) May 24, 2022
AVideo vulnerable to Improper Privilege Management High
CVE-2020-23489 was published for wwbn/avideo (Composer) May 24, 2022
Dolibarr CRM allows Privilege Escalation Moderate
CVE-2020-14201 was published for dolibarr/dolibarr (Composer) May 24, 2022
Improper privilege management in elasticsearch Moderate
CVE-2020-7019 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
westonsteimel
Credited to westonsteimel
Magento business logic error vulnerability Critical
CVE-2020-9630 was published for magento/community-edition (Composer) May 24, 2022
bbPress unauthenticated privilege-escalation Critical
CVE-2020-13693 was published for bbpress/bbpress (Composer) May 24, 2022
OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context High
CVE-2020-12689 was published for keystone (pip) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database