GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,040
Maven
5,000+
npm
3,732
NuGet
662
pip
3,413
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
XWiki allows remote code execution through the extension sheet
Critical
CVE-2024-55662
was published
for
org.xwiki.platform:xwiki-platform-repository-server-ui
(Maven)
Dec 12, 2024
Improper Authentication vulnerability in Apache Solr
Critical
CVE-2024-45216
was published
for
org.apache.solr:solr
(Maven)
Oct 16, 2024
GoAuthentik vulnerable to Insufficient Authorization for several API endpoints
Critical
CVE-2024-42490
was published
for
goauthentik.io
(Go)
Aug 22, 2024
fabedge has insecure permissions
Critical
CVE-2024-36536
was published
for
github.com/fabedge/fabedge
(Go)
Jul 24, 2024
XWiki programming rights may be inherited by inclusion
Critical
CVE-2024-38369
was published
for
org.xwiki.platform:xwiki-platform-rendering-macro-include
(Maven)
Jun 24, 2024
Apache Submarine Server Core Incorrect Authorization vulnerability
Critical
CVE-2024-36265
was published
for
apache-submarine
(Maven)
Jun 12, 2024
lunary-ai/lunary allows users unauthorized access to projects
Critical
CVE-2024-4146
was published
for
lunary
(npm)
Jun 8, 2024
•
withdrawn
Grafana Fine-grained access control vulnerability
Critical
CVE-2021-41244
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Pixelfed doesn't check OAuth Scopes in API routes, giving elevated permissions
Critical
CVE-2024-25108
was published
for
pixelfed/pixelfed
(Composer)
Feb 12, 2024
Buildkit's interactive containers API does not validate entitlements check
Critical
CVE-2024-23653
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
XWiki Platform privilege escalation from script right to programming right through title displayer
Critical
CVE-2023-46244
was published
for
org.xwiki.platform:xwiki-platform-display-api
(Maven)
Nov 7, 2023
Vyper has incorrectly allocated named re-entrancy locks
Critical
CVE-2023-39363
was published
for
vyper
(pip)
Aug 9, 2023
Apache Pulsar Incorrect Authorization vulnerability
Critical
CVE-2023-30429
was published
for
org.apache.pulsar:pulsar
(Maven)
Jul 12, 2023
Improper configuration of RBAC permissions obtaining cluster control permissions
Critical
CVE-2023-33190
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
Privilege escalation (PR)/RCE from account through class sheet
Critical
CVE-2023-32069
was published
for
org.xwiki.platform:xwiki-platform-test-ui
(Maven)
May 11, 2023
Privilege escalation in MOSN
Critical
CVE-2021-32163
was published
for
mosn.io/mosn
(Go)
Feb 17, 2023
Users with any cluster secret update access may update out-of-bounds cluster secrets
Critical
CVE-2023-23947
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 16, 2023
Dompdf vulnerable to URI validation failure on SVG parsing
Critical
CVE-2023-23924
was published
for
dompdf/dompdf
(Composer)
Feb 1, 2023
JWT audience claim is not verified
Critical
CVE-2023-22482
was published
for
github.com/argoproj/argo-cd
(Go)
Jan 25, 2023
Multiple vulnerabilities in extension "Newsletter subscriber management" (fp_newsletter)
Critical
CVE-2022-47408
was published
for
fixpunkt/fp-newsletter
(Composer)
Dec 14, 2022
Spring Security authorization rules can be bypassed via forward or include dispatcher types
Critical
CVE-2022-31692
was published
for
org.springframework.security:spring-security-core
(Maven)
Nov 1, 2022
Field-level access-control bypass for multiselect field
Critical
CVE-2022-39322
was published
for
@keystone-6/core
(npm)
Oct 18, 2022
Pebble Templates protection mechanism bypass can lead to arbitrary code execution
Critical
CVE-2022-37767
was published
for
io.pebbletemplates:pebble
(Maven)
Sep 13, 2022
Openstack Keystone Incorrect Authorization vulnerability
Critical
CVE-2021-3563
was published
for
keystone
(pip)
Aug 27, 2022
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Critical
CVE-2022-35924
was published
for
next-auth
(npm)
Aug 2, 2022
ProTip!
Advisories are also available from the
GraphQL API