GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
59 advisories
Filter by severity
ZITADEL's Service Users Deactivation not Working
High
CVE-2024-47000
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
ZITADEL's User Grant Deactivation not Working
High
CVE-2024-46999
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission
Low
CVE-2024-46989
was published
for
github.com/authzed/spicedb
(Go)
Sep 18, 2024
OpenShift Controller Manager Improper Privilege Management
Critical
CVE-2024-45496
was published
for
github.com/openshift/openshift-controller-manager
(Go)
Sep 17, 2024
External Secrets Operator vulnerable to privilege escalation
High
CVE-2024-45041
was published
for
github.com/external-secrets/external-secrets
(Go)
Sep 9, 2024
Kanister vulnerable to cluster-level privilege escalation
High
CVE-2024-43403
was published
for
github.com/kanisterio/kanister
(Go)
Aug 20, 2024
Juju's unprivileged user running on charm node can leak any secret or relation data accessible to the local charm
High
GHSA-6vjm-54vp-mxhx
was published
for
github.com/juju/juju
(Go)
Aug 5, 2024
Harbor fails to validate the user permissions when updating project configurations
Moderate
CVE-2024-22278
was published
for
github.com/goharbor/harbor
(Go)
Jul 31, 2024
The Argo CD web terminal session does not handle the revocation of user permissions properly
Moderate
CVE-2024-41666
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Jul 24, 2024
Rancher's External RoleTemplates can lead to privilege escalation
High
CVE-2023-32196
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
AdGuardHome privilege escalation vulnerability
High
CVE-2024-36586
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Jun 13, 2024
piraeus-operator allows attacker to impersonate service account
High
CVE-2024-33398
was published
for
github.com/piraeusdatastore/piraeus-operator/v2
(Go)
May 3, 2024
Calico privilege escalation vulnerability
Moderate
CVE-2024-33522
was published
for
github.com/projectcalico/calico
(Go)
Apr 30, 2024
Privilege Escalation in kubevirt
Critical
CVE-2020-14316
was published
for
kubevirt.io/kubevirt
(Go)
Apr 24, 2024
Podman affected by CVE-2024-1753 container escape at build time
High
CVE-2024-1753
was published
for
github.com/containers/podman/v4
(Go)
Mar 28, 2024
Users with `create` but not `override` privileges can perform local sync
Moderate
CVE-2023-50726
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
High
CVE-2024-28197
was published
for
github.com/zitadel/zitadel
(Go)
Mar 11, 2024
Grafana's users with permissions to create a data source can CRUD all data sources
Moderate
CVE-2024-1442
was published
for
github.com/grafana/grafana
(Go)
Mar 7, 2024
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
High
CVE-2023-32194
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
High
CVE-2024-24747
was published
for
github.com/minio/minio
(Go)
Feb 1, 2024
HashiCorp Vault Improper Privilege Management
Moderate
CVE-2020-10660
was published
for
github.com/hashicorp/vault
(Go)
Jan 30, 2024
HashiCorp Vault Improper Privilege Management
Critical
CVE-2020-10661
was published
for
github.com/hashicorp/vault
(Go)
Jan 30, 2024
Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Moderate
CVE-2023-30617
was published
for
github.com/openkruise/kruise
(Go)
Jan 5, 2024
Improper Privilege Management in github.com/sap/cloud-security-client-go
Critical
CVE-2023-50424
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 13, 2023
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Critical
GHSA-92cg-ghq6-9587
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API