GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network...
High
Unreviewed
CVE-2024-38813
was published
Sep 17, 2024
Internal browser event interfaces were exposed to web content when privileged EventHandler...
High
Unreviewed
CVE-2024-8382
was published
Sep 3, 2024
Keycloak vulnerable to impersonation via logout token exchange
Low
CVE-2023-0657
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 17, 2024
Mattermost Server Improper Access Control
Low
CVE-2024-21848
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Apr 5, 2024
Ignite Realtime Openfire privilege escalation vulnerability
High
CVE-2024-25420
was published
for
org.igniterealtime.openfire:xmppserver
(Maven)
Mar 26, 2024
In the Linux kernel, the following vulnerability has been resolved:
netfilter: nft_ct: skip...
Moderate
Unreviewed
CVE-2021-47129
was published
Mar 15, 2024
netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction
New elements in...
Moderate
Unreviewed
CVE-2023-52433
was published
Feb 20, 2024
For migration as well as to work around kernels unaware of L1TF (see
XSA-273), PV guests may be...
High
Unreviewed
CVE-2023-34322
was published
Jan 5, 2024
An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a...
Moderate
Unreviewed
CVE-2023-26239
was published
Oct 5, 2023
Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE...
High
Unreviewed
CVE-2023-5369
was published
Oct 4, 2023
In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during...
High
Unreviewed
CVE-2023-35692
was published
Jul 14, 2023
In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification...
Low
Unreviewed
CVE-2023-21246
was published
Jul 13, 2023
Play With Docker < 0.0.2 has an insecure CAP_SYS_ADMIN privileged mode causing the docker...
Critical
Unreviewed
CVE-2023-34844
was published
Jun 29, 2023
A flaw was found in the QEMU virtio-fs shared file system daemon (virtiofsd) implementation. This...
High
Unreviewed
CVE-2022-0358
was published
Aug 29, 2022
Apache Superset allows authenticated users to access metadata they have no permission to
Moderate
CVE-2021-37839
was published
for
apache-superset
(pip)
Jul 7, 2022
An issue was discovered in HCC Embedded InterNiche NicheStack through 4.3. The tfshnd():tftpsrv.c...
High
Unreviewed
CVE-2021-36762
was published
May 24, 2022
SNMPTT before 1.4.2 allows attackers to execute shell code via EXEC, PREXEC, or unknown_trap_exec.
Critical
Unreviewed
CVE-2020-24361
was published
May 24, 2022
The docker packages version docker-1.13.1-108.git4ef4b30.el7 as released for Red Hat Enterprise...
Moderate
Unreviewed
CVE-2020-14300
was published
May 24, 2022
The version of docker as released for Red Hat Enterprise Linux 7 Extras via RHBA-2020:0053...
Moderate
Unreviewed
CVE-2020-14298
was published
May 24, 2022
In Zsh before 5.8, attackers able to execute commands can regain privileges dropped by the --no...
High
Unreviewed
CVE-2019-20044
was published
May 24, 2022
Moodle does not revoke role capabilities correctly
Moderate
CVE-2019-14879
was published
for
moodle/moodle
(Composer)
May 24, 2022
An issue was discovered in disable_priv_mode in shell.c in GNU Bash through 5.0 patch 11. By...
High
Unreviewed
CVE-2019-18276
was published
May 24, 2022
libuv before 0.10.34 does not properly drop group privileges, which allows context-dependent...
High
Unreviewed
CVE-2015-0278
was published
May 14, 2022
AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an error in privilege dropping...
Critical
Unreviewed
CVE-2017-6972
was published
May 13, 2022
Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead...
High
Unreviewed
CVE-2018-16466
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API