GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
235 advisories
Filter by severity
Downloads Resources over HTTP in cmake
High
CVE-2016-10642
was published
for
cmake
(npm)
Aug 15, 2018
Downloads Resources over HTTP in bionode-sra
High
CVE-2016-10613
was published
for
bionode-sra
(npm)
Feb 18, 2019
Downloads Resources over HTTP in libxl
High
CVE-2016-10585
was published
for
libxl
(npm)
Feb 18, 2019
Downloads Resources over HTTP in node-bsdiff-android
High
CVE-2016-10641
was published
for
node-bsdiff-android
(npm)
Sep 18, 2018
Downloads Resources over HTTP in prince
High
CVE-2016-10591
was published
for
prince
(npm)
Feb 18, 2019
Downloads Resources over HTTP in cobalt-cli
High
CVE-2016-10597
was published
for
cobalt-cli
(npm)
Feb 18, 2019
Downloads Resources over HTTP in openframe-glslviewer
High
CVE-2016-10607
was published
for
openframe-glslviewer
(npm)
Feb 18, 2019
Downloads Resources over HTTP in openframe-image
High
CVE-2016-10616
was published
for
openframe-image
(npm)
Feb 18, 2019
Improper Privilege Management in Apache Karaf
High
CVE-2018-11786
was published
for
org.apache.karaf:apache-karaf
(Maven)
Dec 21, 2018
Improper Privilege Management in HashiCorp Nomad
High
CVE-2021-3283
was published
for
github.com/hashicorp/nomad
(Go)
Jun 24, 2021
Privilege Escalation in Kubernetes
Critical
CVE-2018-1002105
was published
for
github.com/kubernetes/kubernetes
(Go)
Feb 15, 2022
Improper Privilege Management in shelljs
Moderate
GHSA-64g7-mvw6-v9qj
was published
for
shelljs
(npm)
Jan 14, 2022
Improper Privilege Management in org.apache.hadoop:hadoop-main
High
CVE-2018-11767
was published
for
org.apache.hadoop:hadoop-main
(Maven)
Mar 25, 2019
katello Improper Privilege Management vulnerability
Moderate
CVE-2017-2662
was published
for
katello
(RubyGems)
May 13, 2022
Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows
High
CVE-2022-29164
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
May 23, 2022
Improper Privilege Management in Concrete CMS
High
CVE-2021-22966
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Improper Privilege Management in Apache Hadoop
High
CVE-2020-9492
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Feb 9, 2022
Improper Privilege Management in MySQL Connectors Java
High
CVE-2018-3258
was published
for
mysql:mysql-connector-java
(Maven)
May 13, 2022
Improper Privilege Management in Elasticsearch
High
CVE-2020-7009
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 24, 2022
Tarball permission preservation in puppet
Moderate
CVE-2017-10689
was published
for
puppet
(RubyGems)
May 13, 2022
Unescaped control characters in Gitblit
Critical
CVE-2022-31267
was published
for
com.gitblit:gitblit
(Maven)
May 22, 2022
Any logged in user could edit any other logged in user.
High
CVE-2021-29452
was published
for
@curveball/a12n-server
(npm)
Apr 19, 2021
Improper Privilege Management in Neo4j Graph Database
High
CVE-2021-34802
was published
for
org.neo4j:neo4j-kernel
(Maven)
May 24, 2022
Improper Privilege Management in NocoDB
High
CVE-2022-2063
was published
for
nocodb
(npm)
Jun 14, 2022
ProTip!
Advisories are also available from the
GraphQL API