Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

269 advisories

Loading
Plone Unauthenticated Write Vulnerability Critical
CVE-2020-7941 was published for Plone (pip) May 24, 2022
Apache Spark vulnerable to Improper Privilege Management Critical
CVE-2023-22946 was published for org.apache.spark:spark-core_2.12 (Maven) Apr 17, 2023
pan3793
The UserPlus plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed
CVE-2024-9518 was published Oct 10, 2024
Rancher vulnerable to Privilege Escalation via manipulation of Secrets Critical
CVE-2023-22647 was published for github.com/rancher/rancher (Go) Jun 6, 2023
andrewpollock
Windows Update Stack Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2021-1694 was published May 24, 2022
A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege... Critical Unreviewed
CVE-2024-3057 was published Oct 8, 2024
According to the researcher: "The TLS connections are encrypted against tampering or... Critical Unreviewed
CVE-2024-44097 was published Oct 2, 2024
An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain... Critical Unreviewed
CVE-2023-36100 was published Sep 1, 2023
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in... Critical Unreviewed
CVE-2024-9265 was published Oct 1, 2024
Improper Privilege Management in github.com/sap/cloud-security-client-go Critical
CVE-2023-50424 was published for github.com/sap/cloud-security-client-go (Go) Dec 13, 2023
Improper JWT Signature Validation in SAP Security Services Library Critical
CVE-2023-50422 was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 13, 2023
rosenblueh
Improper Privilege Management in sap-xssec Critical
CVE-2023-50423 was published for sap-xssec (pip) Dec 13, 2023
rosenblueh
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library Critical
GHSA-gcgw-q47m-prvj was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 12, 2023 withdrawn
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go Critical
GHSA-92cg-ghq6-9587 was published for github.com/sap/cloud-security-client-go (Go) Dec 12, 2023 withdrawn
Duplicate Advisory: Privilege escalation in sap-xssec Critical
GHSA-p99h-pfg6-qrfg was published for sap-xssec (pip) Dec 12, 2023 withdrawn
Escalation of privileges in @sap/xssec Critical
CVE-2023-49583 was published for @sap/xssec (npm) Dec 12, 2023
leon-vg
An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges... Critical Unreviewed
CVE-2023-43457 was published Sep 25, 2023
A lack of code signature verification in Parallels Desktop for Mac v19.3.0 and below allows... Critical Unreviewed
CVE-2024-34331 was published Sep 23, 2024
A condition exists in FlashArray Purity whereby a malicious user could use a remote... Critical Unreviewed
CVE-2024-0003 was published Sep 23, 2024
The Webo-facto plugin for WordPress is vulnerable to privilege escalation in versions up to, and... Critical Unreviewed
CVE-2024-8853 was published Sep 20, 2024
OpenShift Controller Manager Improper Privilege Management Critical
CVE-2024-45496 was published for github.com/openshift/openshift-controller-manager (Go) Sep 17, 2024
Improper Privilege Management vulnerability in ABB Ltd. ASPECT®-Enterprise on ASPECT®-Enterprise,... Critical Unreviewed
CVE-2023-0635 was published Jul 6, 2023
API permission management vulnerability in the Fwk-Display module.Successful exploitation of this... Critical Unreviewed
CVE-2023-44106 was published Oct 11, 2023
D-Link device DIR-820L 1.05B03 is vulnerable to Insecure Permissions. Critical Unreviewed
CVE-2023-44809 was published Oct 16, 2023
HashiCorp Vault Improper Privilege Management Critical
CVE-2020-10661 was published for github.com/hashicorp/vault (Go) Jan 30, 2024
andrewpollock
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database