GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Authorization Bypass Through User-Controlled Key in url-parse
Critical
CVE-2022-0686
was published
for
url-parse
(npm)
Feb 21, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature
Critical
CVE-2022-1245
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 26, 2022
Authorization Bypass Through User-Controlled Key in go-restful
Critical
CVE-2022-1996
was published
for
github.com/emicklei/go-restful
(Go)
Jun 9, 2022
usememos/memos Authorization Bypass Through User-Controlled Key vulnerability
Critical
CVE-2022-4686
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Critical
CVE-2023-44981
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Oct 11, 2023
Authorization Bypass in Apache InLong
Critical
CVE-2023-43668
was published
for
org.apache.inlong:manager-pojo
(Maven)
Oct 16, 2023
Duplicate Advisory: Privilege escalation in sap-xssec
Critical
GHSA-p99h-pfg6-qrfg
was published
for
sap-xssec
(pip)
Dec 12, 2023
•
withdrawn
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Critical
GHSA-gcgw-q47m-prvj
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
•
withdrawn
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Critical
GHSA-92cg-ghq6-9587
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
•
withdrawn
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical
CVE-2024-22206
was published
for
@clerk/nextjs
(npm)
Jan 12, 2024
Authorization Bypass Through User-Controlled Key in go-zero
Critical
CVE-2024-27302
was published
for
github.com/zeromicro/go-zero
(Go)
Mar 4, 2024
Missing key verification in gost
Critical
CVE-2024-39223
was published
for
github.com/ginuerzh/gost
(Go)
Jul 3, 2024
ProTip!
Advisories are also available from the
GraphQL API