Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,368
Maven
5,000+
npm
3,988
NuGet
720
pip
3,779
Pub
12
RubyGems
926
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

123 advisories

Loading
Janssen Config API returns results without scope verification High
CVE-2025-53003 was published for io.jans:jans-config-api-server (Maven) Jun 30, 2025
Apache Linkis vulnerable to privilege escalation High
CVE-2024-27181 was published for org.apache.linkis:linkis (Maven) Aug 2, 2024
Liferay Portal and Liferay DXP Has Company Administrator Accounts Vulnerable to Takeovers High
CVE-2021-33335 was published for com.liferay.portal:release.dxp.bom (Maven) May 24, 2022
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' High
CVE-2023-32194 was published for github.com/rancher/rancher (Go) Feb 8, 2024
AnonySE26
OpenStack Kolla sudo privilege escalation vulnerability High
CVE-2022-38060 was published for kolla (pip) Dec 21, 2022
XWiki uses the wrong wiki reference in AuthorizationManager High
CVE-2025-29924 was published for org.xwiki.platform:xwiki-platform-security-authorization-api (Maven) Mar 19, 2025
Buildah allows build breakout using malicious Containerfiles and concurrent builds High
CVE-2024-11218 was published for github.com/containers/buildah (Go) Jan 21, 2025
eriksjolund
Velociraptor vulnerable to Missing Authorization High
CVE-2023-0242 was published for www.velocidex.com/golang/velociraptor (Go) Jan 18, 2023
Open WebUI Allows Admin Deletion via API Endpoint High
CVE-2024-7039 was published for open-webui (pip) Mar 20, 2025
NuGet Elevation of Privilege Vulnerability High
CVE-2022-41032 was published for NuGet.CommandLine (NuGet) Oct 11, 2022
kartheekp-ms JarLob
MinIO vulnerable to privilege escalation in IAM import API High
CVE-2024-55949 was published for github.com/minio/minio (Go) Dec 16, 2024
donatello
Hippo4j privilege escalation issue High
CVE-2023-27094 was published for cn.hippo4j:hippo4j-all (Maven) Mar 23, 2023
MobSF Local Privilege Escalation High
CVE-2025-24805 was published for mobsf (pip) Feb 5, 2025
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki High
CVE-2021-3978 was published for github.com/cloudflare/cfrpki (Go) Nov 19, 2021
ties
Zot IdP group membership revocation ignored High
CVE-2025-23208 was published for zotregistry.dev/zot (Go) Jan 17, 2025
jeff-mccoy
Account Takeover via Session Fixation in Zitadel [Bypassing MFA] High
CVE-2024-28197 was published for github.com/zitadel/zitadel (Go) Mar 11, 2024
amit-laish
Keycloak's admin API allows low privilege users to use administrative functions High
CVE-2024-3656 was published for org.keycloak:keycloak-services (Maven) Jun 11, 2024
Grafana's users with permissions to create a data source can CRUD all data sources High
CVE-2024-1442 was published for github.com/grafana/grafana (Go) Mar 7, 2024
Microcks's POST /api/import and POST /api/export endpoints allow non-administrator access High
CVE-2024-44076 was published for io.github.microcks:microcks-app (Maven) Aug 19, 2024
Harbor fails to validate the user permissions when updating project configurations High
CVE-2024-22278 was published for github.com/goharbor/harbor (Go) Jul 31, 2024
Calico privilege escalation vulnerability High
CVE-2024-33522 was published for github.com/projectcalico/calico (Go) Apr 30, 2024
Improper Access Control in Apache Airflow High
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
SciPy creates insecure temporary directories High
CVE-2013-4251 was published for scipy (pip) May 5, 2022
Plone Privilege Escallation High
CVE-2020-7938 was published for Plone (pip) May 24, 2022
Rancher's External RoleTemplates can lead to privilege escalation High
CVE-2023-32196 was published for github.com/rancher/rancher (Go) Jun 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database