Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

553 advisories

Loading
Magento Open Source allows Incorrect Authorization Moderate
CVE-2023-22251 was published for magento/community-edition (Composer) Mar 27, 2023
Potential network policy bypass when routing IPv6 traffic Moderate
CVE-2023-27594 was published for github.com/cilium/cilium (Go) Mar 17, 2023
ysksuzuki
Credited to ysksuzuki
On a compromised node, the virt-handler service account can be used to modify all node specs High
CVE-2023-26484 was published for kubevirt.io/kubevirt (Go) Mar 16, 2023
younaman XDTG
Credited to younaman and XDTG
Incorrect Authorization in Jenkins Core Low
CVE-2023-27903 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Credited to westonsteimel
Incorrect Authorization in Jenkins Core High
CVE-2023-27899 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
Credited to westonsteimel
OpenSearch has issue with fine-grained access control of indices backing data streams Moderate
CVE-2022-41918 was published for org.opensearch.plugin:opensearch-security (Maven) Mar 7, 2023
xwiki contains Incorrect Authorization Moderate
CVE-2023-26056 was published for org.xwiki.platform:xwiki-platform-rendering-macro-context (Maven) Mar 3, 2023
api-platform/core's secured properties may be accessible within collections High
CVE-2023-25575 was published for api-platform/core (Composer) Feb 28, 2023
Toflar soyuka
Credited to Toflar and soyuka
Privilege escalation in MOSN Critical
CVE-2021-32163 was published for mosn.io/mosn (Go) Feb 17, 2023
Users with any cluster secret update access may update out-of-bounds cluster secrets Critical
CVE-2023-23947 was published for github.com/argoproj/argo-cd (Go) Feb 16, 2023
crenshaw-dev
Credited to crenshaw-dev
Supplementary groups are not set up properly in github.com/containerd/containerd Moderate
CVE-2023-25173 was published for github.com/containerd/containerd (Go) Feb 16, 2023
Missing Authorization in Jenkins Azure Credentials Plugin Moderate
CVE-2023-25768 was published for org.jenkins-ci.plugins:azure-credentials (Maven) Feb 15, 2023
Dompdf vulnerable to URI validation failure on SVG parsing Critical
CVE-2023-23924 was published for dompdf/dompdf (Composer) Feb 1, 2023
Blaklis
Credited to Blaklis
JWT audience claim is not verified Critical
CVE-2023-22482 was published for github.com/argoproj/argo-cd (Go) Jan 25, 2023
farcaller
Credited to farcaller
Improper Authorization in grumpydictator/firefly-iii Moderate
CVE-2023-0298 was published for grumpydictator/firefly-iii (Composer) Jan 14, 2023
Keycloak has lack of validation of access token on client registrations endpoint Moderate
CVE-2023-0091 was published for org.keycloak:keycloak-core (Maven) Jan 12, 2023
KubeOperator allows unauthorized access to system API High
CVE-2023-22480 was published for github.com/KubeOperator/KubeOperator (Go) Jan 9, 2023
suanve
Credited to suanve
Uniswap Universal Router Incorrect Authorization vulnerability High
CVE-2022-48216 was published for @uniswap/universal-router (npm) Jan 4, 2023
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4811 was published for github.com/usememos/memos (Go) Dec 28, 2022
destiny.gg chat vulnerable to cross-site request forgery High
CVE-2020-36625 was published for github.com/destinygg/chat (Go) Dec 22, 2022
AAD Pod Identity obtaining token with backslash Moderate
CVE-2022-23551 was published for github.com/Azure/aad-pod-identity (Go) Dec 21, 2022
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter) Critical
CVE-2022-47408 was published for fixpunkt/fp-newsletter (Composer) Dec 14, 2022
ohader tdunlap607
Credited to ohader and tdunlap607
Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace High
CVE-2022-46167 was published for github.com/clastix/capsule (Go) Dec 5, 2022
MaxFedotov whatev3n
Credited to MaxFedotov and whatev3n
Incorrect permission checks in Jenkins Support Core Plugin Moderate
CVE-2022-45383 was published for org.jenkins-ci.plugins:support-core (Maven) Nov 16, 2022
NotMyFault
Credited to NotMyFault
Istio may allow identity impersonation if user has localhost access High
CVE-2022-39388 was published for github.com/istio/istio (Go) Nov 9, 2022
howardjohn
Credited to howardjohn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database