GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,370 advisories
Filter by severity
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege...
High
Unreviewed
CVE-2021-36307
was published
Nov 21, 2021
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested...
High
Unreviewed
CVE-2021-44038
was published
Nov 20, 2021
Insufficient security control vulnerability in internal database access mechanism of Hitachi...
High
Unreviewed
CVE-2021-35534
was published
Nov 19, 2021
Improper privilege management in Keycloak
High
CVE-2020-14389
was published
for
org.keycloak:keycloak-core
(Maven)
Nov 10, 2021
Hashicorp Vault Privilege Escalation Vulnerability
Low
CVE-2021-41802
was published
for
github.com/hashicorp/vault
(Go)
Oct 12, 2021
TimelockController vulnerability in OpenZeppelin Contracts
Critical
CVE-2021-39168
was published
for
@openzeppelin/contracts-upgradeable
(npm)
Aug 30, 2021
TimelockController vulnerability in OpenZeppelin Contracts
Critical
CVE-2021-39167
was published
for
@openzeppelin/contracts
(npm)
Aug 30, 2021
Privilege escalation via form generator
High
CVE-2021-37627
was published
for
contao/contao
(Composer)
Aug 23, 2021
Privilege escalation: all users can access Admin-level API keys
Moderate
CVE-2021-39192
was published
for
ghost
(npm)
Jul 22, 2021
Improper Privilege Management in HashiCorp Nomad
High
CVE-2021-3283
was published
for
github.com/hashicorp/nomad
(Go)
Jun 24, 2021
Deserialization of Untrusted Data in Flask-Caching
Moderate
CVE-2021-33026
was published
for
Flask-Caching
(pip)
Jun 18, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Privilege Escalation in Cloud Native Computing Foundation Harbor
Moderate
CVE-2019-19023
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code
Moderate
CVE-2021-21430
was published
for
org.openapitools:openapi-generator
(Maven)
May 11, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI-Generator online generator
Critical
CVE-2021-21428
was published
for
org.openapitools:openapi-generator-online
(Maven)
May 11, 2021
Privilege escalation in spring security
High
CVE-2021-22112
was published
for
org.springframework.security:spring-security-bom
(Maven)
May 10, 2021
Incorrect Session Validation in Apache Airflow
High
CVE-2020-17526
was published
for
apache-airflow
(pip)
Apr 20, 2021
Any logged in user could edit any other logged in user.
High
CVE-2021-29452
was published
for
@curveball/a12n-server
(npm)
Apr 19, 2021
Improper Access Control in Apache Airflow
High
CVE-2021-26559
was published
for
apache-airflow
(pip)
Apr 7, 2021
Privilage Escalation in moodle
High
CVE-2020-25699
was published
for
moodle/moodle
(Composer)
Mar 29, 2021
Privilege Escalation Flaw in Elasticsearch
Moderate
CVE-2020-7014
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
Privilege Context Switching Error in Elasticsearch
Low
CVE-2020-7020
was published
for
org.elasticsearch:elasticsearch
(Maven)
Mar 18, 2021
Privilege escalation by backend users assigned to the default "Publisher" system role
Low
CVE-2020-15248
was published
for
october/backend
(Composer)
Nov 23, 2020
Improper Privilege Management in Tomcat
Critical
CVE-2020-1938
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jun 15, 2020
ProTip!
Advisories are also available from the
GraphQL API