Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
SaToken authentication bypass vulnerability High
CVE-2023-43961 was published for cn.dev33:sa-token-core (Maven) Oct 25, 2023
Quarkus HTTP vulnerable to incorrect evaluation of permissions High
CVE-2023-4853 was published for io.quarkus:quarkus-csrf-reactive (Maven) Sep 20, 2023
Field injection in the KirbyData text storage handler High
CVE-2023-38488 was published for getkirby/cms (Composer) Jul 28, 2023
dapatrese
Paths contain matrix variables bypass decorators High
CVE-2023-38493 was published for com.linecorp.armeria:armeria (Maven) Jul 25, 2023
Spring Security's authorization rules can be misconfigured when using multiple servlets High
CVE-2023-34035 was published for org.springframework.security:spring-security-config (Maven) Jul 18, 2023
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization High
CVE-2023-30428 was published for org.apache.pulsar:pulsar-broker (Maven) Jul 12, 2023
XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel High
CVE-2023-35166 was published for org.xwiki.platform:xwiki-platform-help-ui (Maven) Jun 20, 2023
Rancher users retain access after moving namespaces into projects they don't have access to High
CVE-2020-10676 was published for github.com/rancher/rancher (Go) Jun 6, 2023
Mattermost Incorrect Authorization vulnerability High
CVE-2023-2515 was published for github.com/mattermost/mattermost-server/v6 (Go) May 12, 2023
On a compromised node, the virt-handler service account can be used to modify all node specs High
CVE-2023-26484 was published for kubevirt.io/kubevirt (Go) Mar 16, 2023
younaman XDTG
Incorrect Authorization in Jenkins Core High
CVE-2023-27899 was published for org.jenkins-ci.main:jenkins-core (Maven) Mar 10, 2023
westonsteimel
api-platform/core's secured properties may be accessible within collections High
CVE-2023-25575 was published for api-platform/core (Composer) Feb 28, 2023
Toflar soyuka
KubeOperator allows unauthorized access to system API High
CVE-2023-22480 was published for github.com/KubeOperator/KubeOperator (Go) Jan 9, 2023
suanve
Uniswap Universal Router Incorrect Authorization vulnerability High
CVE-2022-48216 was published for @uniswap/universal-router (npm) Jan 4, 2023
destiny.gg chat vulnerable to cross-site request forgery High
CVE-2020-36625 was published for github.com/destinygg/chat (Go) Dec 22, 2022
Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace High
CVE-2022-46167 was published for github.com/clastix/capsule (Go) Dec 5, 2022
MaxFedotov whatev3n
Istio may allow identity impersonation if user has localhost access High
CVE-2022-39388 was published for github.com/istio/istio (Go) Nov 9, 2022
howardjohn
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
Talos worker join token can be used to get elevated access level to the Talos API High
CVE-2022-36103 was published for github.com/talos-systems/talos (Go) Sep 16, 2022
smira
Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification High
CVE-2022-2989 was published for github.com/containers/podman/v3 (Go) Sep 14, 2022
Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification High
CVE-2022-2990 was published for github.com/containers/buildah (Go) Sep 14, 2022
Barbican authorization flaw before v14.0.0 High
CVE-2022-23451 was published for barbican (pip) Sep 7, 2022
Broken Authorization in ZITADEL Actions High
CVE-2022-36051 was published for github.com/zitadel/zitadel (Go) Aug 30, 2022
mezdanak
Magento Improper Access Control vulnerability High
CVE-2022-34255 was published for magento/community-edition (Composer) Aug 17, 2022
Magento Improper Authorization vulnerability High
CVE-2022-34256 was published for magento/community-edition (Composer) Aug 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database