Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,800
Erlang
36
GitHub Actions
29
Go
2,380
Maven
5,000+
npm
4,005
NuGet
720
pip
3,805
Pub
12
RubyGems
927
Rust
986
Swift
38
Unreviewed advisories
All unreviewed
5,000+

14 advisories

Loading
Duplicate Advisory: GHSA-x698-5hjm-w2m5 High
GHSA-2wcm-vx67-3x4q was published for pyload-ng (pip) Jul 8, 2025 withdrawn
Insecure default config access in WriteFreely High
CVE-2025-24337 was published for github.com/writefreely/writefreely (Go) Jan 20, 2025
Improper Preservation of Permissions in xxl-job High
CVE-2024-42681 was published for com.xuxueli:xxl-job-core (Maven) Aug 15, 2024
AnonySE26
Grafana folders admin only permission privilege escalation High
CVE-2022-36062 was published for github.com/grafana/grafana (Go) May 14, 2024
Missing permission checks on Hazelcast client protocol High
CVE-2023-45859 was published for com.hazelcast:hazelcast (Maven) Feb 27, 2024
jorditpuig
Disabled permissions can be granted by Jenkins SSH2 Easy Plugin High
CVE-2023-41939 was published for org.jenkins-ci.plugins:ssh2easy (Maven) Sep 6, 2023
vantage6 vulnerable to Improper Preservation of Permissions High
CVE-2023-22738 was published for vantage6 (pip) Feb 28, 2023
AList vulnerable to Improper Preservation of Permissions High
CVE-2022-45968 was published for github.com/alist-org/alist/v3 (Go) Dec 12, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
Improper Preservation of Permissions in Apache Struts High
CVE-2019-0233 was published for org.apache.struts:struts2-core (Maven) May 24, 2022
Podman publishes a malicious image to public registries High
CVE-2022-1227 was published for github.com/containers/podman/v3 (Go) Apr 30, 2022
andrewpollock
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux High
CVE-2021-43816 was published for github.com/containerd/containerd (Go) Jan 6, 2022
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki High
CVE-2021-3978 was published for github.com/cloudflare/cfrpki (Go) Nov 19, 2021
ties
Access control flaw in Kiali High
CVE-2021-3495 was published for github.com/kiali/kiali (Go) Jun 8, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database