GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
65 advisories
Filter by severity
Privilege escalation vulnerability in Apache Hadoop
High
CVE-2018-8029
was published
for
org.apache.hadoop:hadoop-main
(Maven)
May 31, 2019
2FA bypass through deleting devices in wagtail-2fa
High
CVE-2020-5240
was published
for
wagtail-2fa
(pip)
Mar 13, 2020
Information disclosure in parse-server
High
CVE-2020-5251
was published
for
parse-server
(npm)
Mar 4, 2020
Read permissions not enforced for client provided filter expressions in Elide.
High
CVE-2020-5289
was published
for
com.yahoo.elide:elide-core
(Maven)
Mar 30, 2020
Improper Authorization in googleapis
High
GHSA-7543-mr7h-6v86
was published
for
googleapis
(npm)
Sep 2, 2020
Improper Authentication in Keycloak
High
CVE-2018-14637
was published
for
org.keycloak:keycloak-core
(Maven)
Dec 21, 2018
Improper Authorization in @sap-cloud-sdk/core
High
GHSA-r2vw-jgq9-jqx2
was published
for
@sap-cloud-sdk/core
(npm)
Sep 3, 2020
Improper Authorization in loopback
High
GHSA-8wgc-jjvv-cv6v
was published
for
loopback
(npm)
Sep 2, 2020
Arbitrary Code Execution
High
CVE-2014-9357
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Improper Authorization in org.apache.hbase:hbase
High
CVE-2019-0212
was published
for
org.apache.hbase:hbase
(Maven)
Apr 2, 2019
Improper Authorization in Apache Xalan-Java
High
CVE-2014-0107
was published
for
xalan:xalan
(Maven)
May 13, 2022
Improper Authorization in Undertoe
High
CVE-2020-1745
was published
for
io.undertow:undertow-core
(Maven)
May 24, 2022
XWiki Platform Improper Authorization check for inactive users
High
CVE-2022-36090
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 16, 2022
XWiki users registered with email verification can self re-activate their disabled accounts
High
CVE-2021-32620
was published
for
org.xwiki.commons:xwiki-commons-core
(Maven)
May 18, 2021
Dynamic modification of RPyC service due to missing security check
High
CVE-2019-16328
was published
for
rpyc
(pip)
Feb 17, 2021
Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed
High
CVE-2022-4147
was published
for
io.quarkus:quarkus-vertx-http
(Maven)
Dec 6, 2022
OpenFGA Authorization Bypass
High
CVE-2022-23542
was published
for
github.com/openfga/openfga
(Go)
Dec 20, 2022
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
High
CVE-2022-31167
was published
for
org.xwiki.platform:xwiki-platform-security
(Maven)
Sep 20, 2022
Malicious takeover of previously owned ENS names
High
CVE-2020-5232
was published
for
@ensdomains/ens
(npm)
Jan 30, 2020
Missing permission checks in Jenkins Sounds Plugin allow OS command execution
High
CVE-2020-2097
was published
for
org.jenkins-ci.plugins:sounds
(Maven)
May 24, 2022
Improper Authorization in Jenkins Core
High
CVE-2019-1003004
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Authorization bypass in express-jwt
High
CVE-2020-15084
was published
for
express-jwt
(npm)
Jun 30, 2020
Privilege escalation in Presto
High
CVE-2020-15087
was published
for
io.prestosql:presto-server
(Maven)
Jun 30, 2020
usememos/memos vulnerable to improper authorization
High
CVE-2022-4688
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Write access to the catalog for any user when restricted-admin role is enabled in Rancher
High
CVE-2021-4200
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
ProTip!
Advisories are also available from the
GraphQL API