Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

74 advisories

Loading
Privilege Escalation Flaw in Elasticsearch Moderate
CVE-2020-7014 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Improper Access Control in Apache Airflow Moderate
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code Moderate
CVE-2021-21430 was published for org.openapitools:openapi-generator (Maven) May 11, 2021
JLLeitschuh
Privilege Escalation in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19023 was published for github.com/goharbor/harbor (Go) May 18, 2021
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Deserialization of Untrusted Data in Flask-Caching Moderate
CVE-2021-33026 was published for Flask-Caching (pip) Jun 18, 2021
fluffy-critter
Privilege escalation: all users can access Admin-level API keys Moderate
CVE-2021-39192 was published for ghost (npm) Jul 22, 2021
zn9988
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials Moderate
CVE-2022-23117 was published for org.conjur.jenkins:conjur-credentials (Maven) Jan 13, 2022
NotMyFault
Improper Privilege Management in shelljs Moderate
GHSA-64g7-mvw6-v9qj was published for shelljs (npm) Jan 14, 2022
loguru vulnerable to improper privilege management Moderate
CVE-2022-0338 was published for loguru (pip) Jan 26, 2022
Improper Privilege Management in apache-airflow Moderate
CVE-2021-45230 was published for apache-airflow (pip) Jan 28, 2022
Improper Access Control in infinispan-server-runtime Moderate
CVE-2020-25711 was published for org.infinispan:infinispan-core (Maven) Feb 9, 2022
Improper Privilege Management in Snipe-IT Moderate
CVE-2022-0579 was published for snipe/snipe-it (Composer) Feb 15, 2022
Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers Moderate
CVE-2020-2023 was published for github.com/kata-containers/agent (Go) Feb 15, 2022
Elasticsearch privilege escalation Moderate
CVE-2022-23708 was published for org.elasticsearch:elasticsearch (Maven) Mar 4, 2022
Improper Privilege Management in Mattermost Moderate
CVE-2022-1332 was published for github.com/mattermost/mattermost-server/v5 (Go) Apr 14, 2022
kurt-r2c
Improper privilege management in pyftpdlib Moderate
CVE-2007-6741 was published for pyftpdlib (pip) May 1, 2022
Privilege escalation for users with create/update permissions in Global Roles in Rancher Moderate
CVE-2021-36784 was published for github.com/rancher/rancher (Go) May 2, 2022
PostgreSQL PL/Java Improper Privilege Management Moderate
CVE-2016-0767 was published for postgresql:pljava-public (Maven) May 13, 2022
Cloud Foundry UAA Identity Zone Admin Privilege Escalation Moderate
CVE-2017-8032 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
BaserCMS privilege escallation Moderate
CVE-2011-2674 was published for baserproject/basercms (Composer) May 13, 2022
OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege Moderate
CVE-2014-3476 was published for keystone (pip) May 13, 2022
OpenStack Identity Keystone Improper Privilege Management Moderate
CVE-2014-0204 was published for keystone (pip) May 13, 2022
Mediawiki Improper Privilege Management Moderate
CVE-2018-0503 was published for mediawiki/core (Composer) May 13, 2022
Improper Privilege Management in X-Pack Moderate
CVE-2017-8446 was published for org.elasticsearch.plugin:x-pack (Maven) May 13, 2022
ProTip! Advisories are also available from the GraphQL API