GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,678
NuGet
645
pip
3,297
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
128 advisories
Filter by severity
OpenRefine JDBC Attack Vulnerability
High
CVE-2024-23833
was published
for
org.openrefine:database
(Maven)
Feb 12, 2024
Magento Open Source Improper Authorization vulnerability
High
CVE-2024-45132
was published
for
magento/community-edition
(Composer)
Oct 10, 2024
Plone and Zope2 vulnerable to unauthorized access to restricted attributes
High
CVE-2012-5489
was published
for
Plone
(pip)
Jul 23, 2018
Pomerium service account access token may grant unintended access to databroker API
High
CVE-2024-47616
was published
for
github.com/pomerium/pomerium
(Go)
Oct 2, 2024
Paramiko Authentication Bypass vulnerability
High
CVE-2018-1000805
was published
for
paramiko
(pip)
Oct 10, 2018
OpenStack Neutron vulnerable to hardware address impersonation
High
CVE-2021-38598
was published
for
neutron
(pip)
May 24, 2022
Base class whitelist configuration ignored in OAuthenticator
High
CVE-2020-26250
was published
for
oauthenticator
(pip)
Dec 1, 2020
Arbitrary file overwrite in OpenStack Nova
High
CVE-2012-3447
was published
for
nova
(pip)
May 17, 2022
OpenStack Keystone Insufficient token expiration
High
CVE-2012-5563
was published
for
keystone
(pip)
May 17, 2022
OpenStack Keystone V3 /credentials endpoint policy logic allows to change credentials owner or target project ID
High
CVE-2020-12691
was published
for
keystone
(pip)
May 24, 2022
Possible pod name collisions in jupyterhub-kubespawner
High
CVE-2020-15110
was published
for
jupyterhub-kubespawner
(pip)
Jul 22, 2020
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
High
CVE-2021-40325
was published
for
cobbler
(pip)
Oct 5, 2021
SaToken authentication bypass vulnerability
High
CVE-2023-43961
was published
for
cn.dev33:sa-token-core
(Maven)
Oct 25, 2023
Kirby has insufficient permission checks in the language settings
High
CVE-2024-41964
was published
for
getkirby/cms
(Composer)
Aug 29, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
High
CVE-2024-42490
was published
for
goauthentik.io
(Go)
Aug 22, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27138
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
Capsule tenant owner with "patch namespace" permission can hijack system namespaces
High
CVE-2024-39690
was published
for
github.com/projectcapsule/capsule
(Go)
Aug 20, 2024
OpenFGA Authorization Bypass
High
CVE-2024-42473
was published
for
github.com/openfga/openfga
(Go)
Aug 9, 2024
Evmos vulnerable to exploit of smart contract account and vesting
High
CVE-2024-39696
was published
for
github.com/evmos/evmos/v18
(Go)
Jul 10, 2024
fabedge has insecure permissions
High
CVE-2024-36536
was published
for
github.com/fabedge/fabedge
(Go)
Jul 24, 2024
Grafana account takeover via OAuth vulnerability
High
CVE-2022-31107
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Alpine allows URL access filter bypass
High
CVE-2022-23553
was published
for
us.springett:alpine
(Maven)
Aug 5, 2024
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25420
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
Apache Archiva Incorrect Authorization vulnerability
High
CVE-2024-27139
was published
for
org.apache.archiva:archiva
(Maven)
Mar 1, 2024
ProTip!
Advisories are also available from the
GraphQL API