GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
128 advisories
CVE-2023-43961 (High): SaToken authentication bypass vulnerability; published for cn.dev33:sa-token-core (Maven) on Oct 25, 2023
CVE-2023-4853 (High): Quarkus HTTP vulnerable to incorrect evaluation of permissions; published for io.quarkus:quarkus-csrf-reactive (Maven) on Sep 20, 2023
CVE-2023-38488 (High): Field injection in the KirbyData text storage handler; published for getkirby/cms (Composer) on Jul 28, 2023
CVE-2023-38493 (High): Paths contain matrix variables bypass decorators; published for com.linecorp.armeria:armeria (Maven) on Jul 25, 2023
CVE-2023-34035 (High): Spring Security's authorization rules can be misconfigured when using multiple servlets; published for org.springframework.security:spring-security-config (Maven) on Jul 18, 2023
CVE-2023-30428 (High): Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization; published for org.apache.pulsar:pulsar-broker (Maven) on Jul 12, 2023
CVE-2023-35166 (High): XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel; published for org.xwiki.platform:xwiki-platform-help-ui (Maven) on Jun 20, 2023
CVE-2020-10676 (High): Rancher users retain access after moving namespaces into projects they don't have access to; published for github.com/rancher/rancher (Go) on Jun 6, 2023
CVE-2023-2515 (High): Mattermost Incorrect Authorization vulnerability; published for github.com/mattermost/mattermost-server/v6 (Go) on May 12, 2023
CVE-2023-26484 (High): On a compromised node, the virt-handler service account can be used to modify all node specs; published for kubevirt.io/kubevirt (Go) on Mar 16, 2023
CVE-2023-27899 (High): Incorrect Authorization in Jenkins Core; published for org.jenkins-ci.main:jenkins-core (Maven) on Mar 10, 2023
CVE-2023-25575 (High): api-platform/core's secured properties may be accessible within collections; published for api-platform/core (Composer) on Feb 28, 2023
CVE-2023-22480 (High): KubeOperator allows unauthorized access to system API; published for github.com/KubeOperator/KubeOperator (Go) on Jan 9, 2023
CVE-2022-48216 (High): Uniswap Universal Router Incorrect Authorization vulnerability; published for @uniswap/universal-router (npm) on Jan 4, 2023
CVE-2020-36625 (High): destiny.gg chat vulnerable to cross-site request forgery; published for github.com/destinygg/chat (Go) on Dec 22, 2022
CVE-2022-46167 (High): Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace; published for github.com/clastix/capsule (Go) on Dec 5, 2022
CVE-2022-39388 (High): Istio may allow identity impersonation if user has localhost access; published for github.com/istio/istio (Go) on Nov 9, 2022
CVE-2022-42344 (High): Magento Improper input validation vulnerability; published for magento/community-edition (Composer) on Oct 20, 2022
CVE-2022-36103 (High): Talos worker join token can be used to get elevated access level to the Talos API; published for github.com/talos-systems/talos (Go) on Sep 16, 2022
CVE-2022-2990 (High): Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification; published for github.com/containers/buildah (Go) on Sep 14, 2022
CVE-2022-2989 (High): Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification; published for github.com/containers/podman/v3 (Go) on Sep 14, 2022
CVE-2022-23451 (High): Barbican authorization flaw before v14.0.0; published for barbican (pip) on Sep 7, 2022
CVE-2022-36051 (High): Broken Authorization in ZITADEL Actions; published for github.com/zitadel/zitadel (Go) on Aug 30, 2022
CVE-2022-34255 (High): Magento Improper Access Control vulnerability; published for magento/community-edition (Composer) on Aug 17, 2022
CVE-2022-34256 (High): Magento Improper Authorization vulnerability; published for magento/community-edition (Composer) on Aug 17, 2022