GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
269 advisories
Filter by severity
Plone Unauthenticated Write Vulnerability
Critical
CVE-2020-7941
was published
for
Plone
(pip)
May 24, 2022
Apache Spark vulnerable to Improper Privilege Management
Critical
CVE-2023-22946
was published
for
org.apache.spark:spark-core_2.12
(Maven)
Apr 17, 2023
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical
Unreviewed
CVE-2024-9518
was published
Oct 10, 2024
Rancher vulnerable to Privilege Escalation via manipulation of Secrets
Critical
CVE-2023-22647
was published
for
github.com/rancher/rancher
(Go)
Jun 6, 2023
Windows Update Stack Elevation of Privilege Vulnerability
Critical
Unreviewed
CVE-2021-1694
was published
May 24, 2022
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege...
Critical
Unreviewed
CVE-2024-3057
was published
Oct 8, 2024
According to the researcher: "The TLS connections are encrypted against tampering or...
Critical
Unreviewed
CVE-2024-44097
was published
Oct 2, 2024
An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain...
Critical
Unreviewed
CVE-2023-36100
was published
Sep 1, 2023
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in...
Critical
Unreviewed
CVE-2024-9265
was published
Oct 1, 2024
Improper Privilege Management in github.com/sap/cloud-security-client-go
Critical
CVE-2023-50424
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 13, 2023
Improper JWT Signature Validation in SAP Security Services Library
Critical
CVE-2023-50422
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 13, 2023
Improper Privilege Management in sap-xssec
Critical
CVE-2023-50423
was published
for
sap-xssec
(pip)
Dec 13, 2023
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Critical
GHSA-gcgw-q47m-prvj
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
•
withdrawn
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Critical
GHSA-92cg-ghq6-9587
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
•
withdrawn
Duplicate Advisory: Privilege escalation in sap-xssec
Critical
GHSA-p99h-pfg6-qrfg
was published
for
sap-xssec
(pip)
Dec 12, 2023
•
withdrawn
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges...
Critical
Unreviewed
CVE-2023-43457
was published
Sep 25, 2023
A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows...
Critical
Unreviewed
CVE-2024-34331
was published
Sep 23, 2024
A condition exists in FlashArray Purity whereby a malicious user could use a remote...
Critical
Unreviewed
CVE-2024-0003
was published
Sep 23, 2024
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and...
Critical
Unreviewed
CVE-2024-8853
was published
Sep 20, 2024
OpenShift Controller Manager Improper Privilege Management
Critical
CVE-2024-45496
was published
for
github.com/openshift/openshift-controller-manager
(Go)
Sep 17, 2024
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise,...
Critical
Unreviewed
CVE-2023-0635
was published
Jul 6, 2023
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this...
Critical
Unreviewed
CVE-2023-44106
was published
Oct 11, 2023
D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions.
Critical
Unreviewed
CVE-2023-44809
was published
Oct 16, 2023
HashiCorp Vault Improper Privilege Management
Critical
CVE-2020-10661
was published
for
github.com/hashicorp/vault
(Go)
Jan 30, 2024
ProTip!
Advisories are also available from the
GraphQL API