GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
127 advisories
Filter by severity
RKE2 allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Critical
GHSA-x7xj-jvwp-97rv
was published
for
github.com/rancher/rke2
(Go)
Oct 25, 2024
Rancher allows privilege escalation in Windows nodes due to Insecure Access Control Lists
Critical
CVE-2023-32197
was published
for
github.com/rancher/rancher
(Go)
Oct 25, 2024
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
High
CVE-2024-7594
was published
for
github.com/hashicorp/vault
(Go)
Sep 26, 2024
External Secrets Operator vulnerable to privilege escalation
High
CVE-2024-45041
was published
for
github.com/external-secrets/external-secrets
(Go)
Sep 9, 2024
Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD>
High
GHSA-34qg-65m4-f23m
was published
for
froxlor/froxlor
(Composer)
Aug 23, 2024
Kubean vulnerable to cluster-level privilege escalation
Moderate
CVE-2024-41820
was published
for
github.com/kubean-io/kubean
(Go)
Aug 5, 2024
snapd failed to restrict writes to the $HOME/bin path
Moderate
CVE-2024-1724
was published
for
github.com/snapcore/snapd
(Go)
Jul 25, 2024
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
High
CVE-2021-25318
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
Moderate
CVE-2022-24769
was published
for
github.com/docker/docker
(Go)
Apr 22, 2024
WiX based installers are vulnerable to binary hijack when run as SYSTEM
High
CVE-2024-29187
was published
for
WixToolset.Sdk
(NuGet)
Mar 25, 2024
Apache Solr Schema Designer blindly "trusts" all configsets
Low
CVE-2023-50292
was published
for
org.apache.solr:solr-core
(Maven)
Feb 9, 2024
Spring Security's spring-security.xsd file is world writable
Moderate
CVE-2023-34042
was published
for
org.springframework.security:spring-security-config
(Maven)
Feb 6, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Moderate
CVE-2021-41091
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Privilege Escalation in HashiCorp Consul
Moderate
CVE-2020-28053
was published
for
github.com/hashicorp/consul
(Go)
Jan 31, 2024
Spring Cloud Contract vulnerable to local information disclosure
Low
CVE-2024-22236
was published
for
org.springframework.cloud:spring-cloud-contract-shade
(Maven)
Jan 31, 2024
Record titles for restricted records can be viewed if exposed by GridFieldAddExistingAutocompleter
Moderate
CVE-2023-48714
was published
for
silverstripe/framework
(Composer)
Jan 23, 2024
Local Privilege Escalation in Windows
High
CVE-2023-49797
was published
for
pyinstaller
(pip)
Dec 9, 2023
xxl-job-admin vulnerable to Insecure Permissions
Moderate
CVE-2023-48087
was published
for
com.xuxueli:xxl-job-admin
(Maven)
Nov 15, 2023
Decidim has broken access control in templates
High
CVE-2023-36465
was published
for
decidim
(RubyGems)
Oct 5, 2023
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
High
CVE-2023-5077
was published
for
github.com/hashicorp/vault
(Go)
Sep 29, 2023
Cargo not respecting umask when extracting crate archives
High
CVE-2023-38497
was published
for
cargo
(Rust)
Aug 3, 2023
Apache InLong vulnerable to Incorrect Permission Assignment for Critical Resource
High
CVE-2023-31454
was published
for
org.apache.inlong:manager-service
(Maven)
Jul 6, 2023
Apache InLong Incorrect Permission Assignment for Critical Resource Vulnerability
High
CVE-2023-31453
was published
for
org.apache.inlong:manager-service
(Maven)
Jul 6, 2023
Apache Tomcat vulnerable to information leak
High
CVE-2023-34981
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 21, 2023
Arbitrary file read vulnerability in Jenkins AWS CodeCommit Trigger Plugin
Moderate
CVE-2023-35147
was published
for
org.jenkins-ci.plugins:aws-codecommit-trigger
(Maven)
Jun 14, 2023
ProTip!
Advisories are also available from the
GraphQL API