Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,227
Erlang
31
GitHub Actions
19
Go
1,991
Maven
5,000+
npm
3,708
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

58 advisories

Loading
Improper Privilege Management in Apache Karaf High
CVE-2018-11786 was published for org.apache.karaf:apache-karaf (Maven) Dec 21, 2018
Improper Privilege Management in org.apache.hadoop:hadoop-main High
CVE-2018-11767 was published for org.apache.hadoop:hadoop-main (Maven) Mar 25, 2019
Improper Privilege Management in Apache Hadoop High
CVE-2020-9492 was published for org.apache.hadoop:hadoop-common (Maven) Feb 9, 2022
Improper Privilege Management in MySQL Connectors Java High
CVE-2018-3258 was published for mysql:mysql-connector-java (Maven) May 13, 2022
Improper Privilege Management in Elasticsearch High
CVE-2020-7009 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Unescaped control characters in Gitblit Critical
CVE-2022-31267 was published for com.gitblit:gitblit (Maven) May 22, 2022
Improper Privilege Management in Neo4j Graph Database High
CVE-2021-34802 was published for org.neo4j:neo4j-kernel (Maven) May 24, 2022
Improper Privilege Management in craftercms Moderate
CVE-2021-23265 was published for org.craftercms:craftercms (Maven) May 17, 2022
XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups High
CVE-2022-31166 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 20, 2022
Privilege Context Switching Error in Elasticsearch Low
CVE-2020-7020 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code Moderate
CVE-2021-21430 was published for org.openapitools:openapi-generator (Maven) May 11, 2021
JLLeitschuh
spring-security-oauth2-client vulnerable to Privilege Escalation High
CVE-2022-31690 was published for org.springframework.security:spring-security-oauth2-client (Maven) Nov 1, 2022
Privilege Escalation Flaw in Elasticsearch Moderate
CVE-2020-7014 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Privilege escalation in spring security High
CVE-2021-22112 was published for org.springframework.security:spring-security-bom (Maven) May 10, 2021
Improper Access Control in infinispan-server-runtime Moderate
CVE-2020-25711 was published for org.infinispan:infinispan-core (Maven) Feb 9, 2022
Improper privilege management in Keycloak High
CVE-2020-14389 was published for org.keycloak:keycloak-core (Maven) Nov 10, 2021
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials Moderate
CVE-2022-23117 was published for org.conjur.jenkins:conjur-credentials (Maven) Jan 13, 2022
NotMyFault
Improper Privilege Management in X-Pack Moderate
CVE-2017-8446 was published for org.elasticsearch.plugin:x-pack (Maven) May 13, 2022
Improper Privilege Management in Apache Sling Moderate
CVE-2023-25621 was published for org.apache.sling:org.apache.sling.i18n (Maven) Feb 23, 2023
Issue with whitespace in JWT roles in OpenSearch Moderate
CVE-2023-23612 was published for org.opensearch:opensearch-security (Maven) Jan 24, 2023
xwiki-platform vulnerable to Remote Code Execution in Annotations Critical
CVE-2023-26475 was published for org.xwiki.platform:xwiki-platform-annotation-ui (Maven) Mar 2, 2023
renniepak
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
volkflo
Privilege escalation in Strongbox Moderate
GHSA-mhgm-52vg-pvvc was published for com.schibsted.security:strongbox-sdk (Maven) Feb 16, 2023
tdunlap607
Privilege escalation in Apache ShenYu High
CVE-2022-42735 was published for org.apache.shenyu:shenyu-admin (Maven) Feb 15, 2023
Agent-to-controller security bypass in Jenkins Debian Package Builder Plugin High
CVE-2022-23118 was published for ru.yandex.jenkins.plugins.debuilder:debian-package-builder (Maven) Jan 13, 2022
westonsteimel
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database