Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,358
Maven
5,000+
npm
3,979
NuGet
720
pip
3,777
Pub
12
RubyGems
924
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

79 advisories

Loading
New authd users logging in via SSH are members of the root group Moderate
CVE-2025-5689 was published for github.com/ubuntu/authd (Go) Jun 16, 2025
Apache StreamPipes has improper privilege management in a REST interface Moderate
CVE-2024-24778 was published for org.apache.streampipes:streampipes-parent (Maven) Mar 3, 2025
Ash Authentication has flawed token revocation checking logic in actions generated by `mix ash_authentication.install` Moderate
CVE-2025-25202 was published for ash_authentication (Erlang) Feb 11, 2025
wilburyang zachdaniel
jimsynz
Directus allows privilege escalation using Share feature Moderate
CVE-2025-24353 was published for @directus/app (npm) Jan 23, 2025
viters m3t3kh4n
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider Moderate
CVE-2024-31141 was published for org.apache.kafka:kafka-clients (Maven) Nov 19, 2024
pjfanning
Access control vulnerable to user data deletion by anonynmous users Moderate
CVE-2024-51734 was published for AccessControl (pip) Nov 4, 2024
n1k9 d-maurer
perrinjerome dataflake
SpiceDB having multiple caveats on resources of the same type may improperly result in no permission Moderate
CVE-2024-46989 was published for github.com/authzed/spicedb (Go) Sep 18, 2024
tim-mod
OpenShift Controller Manager Improper Privilege Management Moderate
CVE-2024-45496 was published for github.com/openshift/openshift-controller-manager (Go) Sep 17, 2024
Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation Moderate
CVE-2024-43403 was published for github.com/kanisterio/kanister (Go) Aug 20, 2024 withdrawn
younaman hairyhum
The Argo CD web terminal session does not handle the revocation of user permissions properly Moderate
CVE-2024-41666 was published for github.com/argoproj/argo-cd/v2 (Go) Jul 24, 2024
ClownandBox crenshaw-dev
pasha-codefresh
Privilege Escalation in TYPO3 CMS Moderate
GHSA-v5jp-4h2p-j2p4 was published for typo3/cms (Composer) Jun 5, 2024
TYPO3 Broken Access Control in Localization Handling Moderate
GHSA-9rx9-7fmh-gj3g was published for typo3/cms-core (Composer) May 30, 2024
Reportico Web fails to invalidate cookies upon logout Moderate
CVE-2024-31556 was published for reportico-web/reportico (Composer) May 14, 2024
Neo4j Cypher component mishandles IMMUTABLE privileges Moderate
CVE-2024-34517 was published for org.neo4j:neo4j-cypher (Maven) May 7, 2024
irene221b
Jenkins Git server Plugin does not perform a permission check Moderate
CVE-2024-34146 was published for org.jenkins-ci.plugins:git-server (Maven) May 2, 2024
Podman affected by CVE-2024-1753 container escape at build time Moderate
CVE-2024-1753 was published for github.com/containers/podman/v4 (Go) Mar 28, 2024
rmcnamara-snyk
Users with `create` but not `override` privileges can perform local sync Moderate
CVE-2023-50726 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024
crenshaw-dev
HashiCorp Vault Improper Privilege Management Moderate
CVE-2020-10660 was published for github.com/hashicorp/vault (Go) Jan 30, 2024
andrewpollock
Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster Moderate
CVE-2023-30617 was published for github.com/openkruise/kruise (Go) Jan 5, 2024
Craft CMS Privilege Escalation Moderate
CVE-2024-21622 was published for craftcms/cms (Composer) Jan 3, 2024
johnax0
Moodle Improper Access Control vulnerability Moderate
CVE-2023-5549 was published for moodle/moodle (Composer) Nov 9, 2023
Grafana privilege escalation vulnerability Moderate
CVE-2023-4822 was published for github.com/grafana/grafana (Go) Oct 16, 2023
PrestaShop allows users to uninstall modules from backoffice, even with low rights Moderate
CVE-2023-43663 was published for prestashop/prestashop (Composer) Sep 28, 2023
PrestaShop allows employee without any access rights to list all installed modules Moderate
CVE-2023-43664 was published for prestashop/prestashop (Composer) Sep 28, 2023
Ineffective privileges drop when requesting container network Moderate
CVE-2023-38496 was published for github.com/apptainer/apptainer (Go) Jul 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database