GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
37 advisories
- Kyverno's PolicyException objects can be created in any namespace by default. Severity: High. CVE-2024-48921 was published for github.com/kyverno/kyverno (Go) on Oct 29, 2024.
- Pomerium service account access token may grant unintended access to databroker API. Severity: High. CVE-2024-47616 was published for github.com/pomerium/pomerium (Go) on Oct 2, 2024.
- Capsule tenant owner with "patch namespace" permission can hijack system namespaces. Severity: High. CVE-2024-39690 was published for github.com/projectcapsule/capsule (Go) on Aug 20, 2024.
- OpenFGA Authorization Bypass. Severity: High. CVE-2024-42473 was published for github.com/openfga/openfga (Go) on Aug 9, 2024.
- NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects. Severity: High. CVE-2022-29946 was published for github.com/nats-io/nats-server/v2 (Go) on Jul 11, 2024.
- Evmos vulnerable to exploit of smart contract account and vesting. Severity: High. CVE-2024-39696 was published for github.com/evmos/evmos/v18 (Go) on Jul 10, 2024.
- Grafana account takeover via OAuth vulnerability. Severity: High. CVE-2022-31107 was published for github.com/grafana/grafana (Go) on May 14, 2024.
- OpenFGA Authorization Bypass. Severity: High. CVE-2024-31452 was published for github.com/openfga/openfga (Go) on Apr 16, 2024.
- ZITADEL's actions can overload reserved claims. Severity: High. CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) on Mar 28, 2024.
- Rancher users retain access after moving namespaces into projects they don't have access to. Severity: High. CVE-2020-10676 was published for github.com/rancher/rancher (Go) on Jun 6, 2023.
- Mattermost Incorrect Authorization vulnerability. Severity: High. CVE-2023-2515 was published for github.com/mattermost/mattermost-server/v6 (Go) on May 12, 2023.
- On a compromised node, the virt-handler service account can be used to modify all node specs. Severity: High. CVE-2023-26484 was published for kubevirt.io/kubevirt (Go) on Mar 16, 2023.
- KubeOperator allows unauthorized access to system API. Severity: High. CVE-2023-22480 was published for github.com/KubeOperator/KubeOperator (Go) on Jan 9, 2023.
- destiny.gg chat vulnerable to cross-site request forgery. Severity: High. CVE-2020-36625 was published for github.com/destinygg/chat (Go) on Dec 22, 2022.
- Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace. Severity: High. CVE-2022-46167 was published for github.com/clastix/capsule (Go) on Dec 5, 2022.
- Istio may allow identity impersonation if user has localhost access. Severity: High. CVE-2022-39388 was published for github.com/istio/istio (Go) on Nov 9, 2022.
- Harbor fails to validate the user permissions when updating tag retention policies. Severity: High. CVE-2022-31670 was published for github.com/goharbor/harbor (Go) on Sep 16, 2022.
- Talos worker join token can be used to get elevated access level to the Talos API. Severity: High. CVE-2022-36103 was published for github.com/talos-systems/talos (Go) on Sep 16, 2022.
- Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification. Severity: High. CVE-2022-2990 was published for github.com/containers/buildah (Go) on Sep 14, 2022.
- Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification. Severity: High. CVE-2022-2989 was published for github.com/containers/podman/v3 (Go) on Sep 14, 2022.
- Broken Authorization in ZITADEL Actions. Severity: High. CVE-2022-36051 was published for github.com/zitadel/zitadel (Go) on Aug 30, 2022.
- Argo CD improper access control bug can allow malicious user to escalate privileges to admin level. Severity: High. CVE-2022-1025 was published for github.com/argoproj/argo-cd (Go) on Jul 13, 2022.
- Kubernetes kube-apiserver unauthorized access. Severity: High. CVE-2019-11247 was published for k8s.io/apiextensions-apiserver (Go) on May 24, 2022.
- Exposure of repository credentials to external third-party sources in Rancher. Severity: High. CVE-2021-36778 was published for github.com/rancher/rancher (Go) on May 2, 2022.
- Incorrect Authorization in imgcrypt. Severity: High. CVE-2022-24778 was published for github.com/containerd/imgcrypt (Go) on Mar 28, 2022.