GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+
271 advisories
Filter by severity
Improper Privilege Management in Elasticsearch
High
CVE-2020-7009
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
CodeIgniter Improper Privilege Management
High
CVE-2020-10793
was published
for
codeigniter4/framework
(Composer)
May 24, 2022
Plone Unauthenticated Write Vulnerability
Critical
CVE-2020-7941
was published
for
Plone
(pip)
May 24, 2022
Centreon Privilege Escalation
Critical
CVE-2018-21025
was published
for
centreon/centreon
(Composer)
May 24, 2022
Hashicorp Nomad Access Control Issues
Critical
CVE-2019-12618
was published
for
github.com/hashicorp/nomad
(Go)
May 24, 2022
Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows
High
CVE-2022-29164
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
May 23, 2022
Unescaped control characters in Gitblit
Critical
CVE-2022-31267
was published
for
com.gitblit:gitblit
(Maven)
May 22, 2022
Celery local privilege escalation vulnerability
Moderate
CVE-2011-4356
was published
for
celery
(pip)
May 17, 2022
Drupal saving user accounts can sometimes grant the user all roles
High
CVE-2016-3169
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit
Moderate
CVE-2016-7570
was published
for
drupal/core
(Composer)
May 17, 2022
Drupal Saving user accounts can sometimes grant the user all roles
High
CVE-2016-6211
was published
for
drupal/core
(Composer)
May 17, 2022
Improper Privilege Management in craftercms
Moderate
CVE-2021-23265
was published
for
org.craftercms:craftercms
(Maven)
May 17, 2022
Puppet Privilege Escallation
Moderate
CVE-2012-1053
was published
for
puppet
(RubyGems)
May 14, 2022
Improper Privilege Management in MySQL Connectors Java
High
CVE-2018-3258
was published
for
mysql:mysql-connector-java
(Maven)
May 13, 2022
Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks
Moderate
CVE-2018-1999032
was published
for
org.jenkins-ci.plugins:pangolin-testrail-connector
(Maven)
May 13, 2022
Moodle Improper Privilege Management
Moderate
CVE-2018-1134
was published
for
moodle/moodle
(Composer)
May 13, 2022
Improper Privilege Management in Jenkins
High
CVE-2018-1000865
was published
for
org.jenkins-ci.plugins:script-security
(Maven)
May 13, 2022
Jenkins Script Security and Pipeline Groovy Plugins Sandbox Bypass
High
CVE-2018-1000866
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 13, 2022
baserCMS Access Control Bypass
Moderate
CVE-2018-0573
was published
for
baserproject/basercms
(Composer)
May 13, 2022
Moodle Improper Privilege Management
Moderate
CVE-2017-7532
was published
for
moodle/moodle
(Composer)
May 13, 2022
Moodle External blog editing takeover
Moderate
CVE-2017-7489
was published
for
moodle/moodle
(Composer)
May 13, 2022
BuddyPress Docs plugin Improper Privilege Management
Moderate
CVE-2017-6954
was published
for
buddypress/buddypress
(Composer)
May 13, 2022
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions
Critical
CVE-2017-6925
was published
for
drupal/core
(Composer)
May 13, 2022
phpMyAdmin Improper Privilege Management
Critical
CVE-2017-18264
was published
for
phpmyadmin/phpmyadmin
(Composer)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API