GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3,060 advisories

Celery local privilege escalation vulnerability Moderate
CVE-2011-4356 was published for celery (pip) May 17, 2022
OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context High
CVE-2020-12689 was published for keystone (pip) May 24, 2022
SciPy creates insecure temporary directories High
CVE-2013-4251 was published for scipy (pip) May 5, 2022
bbPress unauthenticated privilege-escalation Critical
CVE-2020-13693 was published for bbpress/bbpress (Composer) May 24, 2022
EC-CUBE Improper access control vulnerability High
CVE-2021-20778 was published for ec-cube/ec-cube (Composer) May 24, 2022
BuddyPress Docs plugin Improper Privilege Management Moderate
CVE-2017-6954 was published for buddypress/buddypress (Composer) May 13, 2022
TeamPass Improper Privilege Management Moderate
CVE-2017-15053 was published for nilsteampassnet/teampass (Composer) May 13, 2022
TeamPass Improper Privilege Management Moderate
CVE-2017-15052 was published for nilsteampassnet/teampass (Composer) May 13, 2022
TeamPass Improper Privilege Management High
CVE-2017-15055 was published for nilsteampassnet/teampass (Composer) May 13, 2022
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them High
CVE-2019-6287 was published for github.com/rancher/rancher (Go) May 13, 2022
Privilege Escalation in kubevirt Critical
CVE-2020-14316 was published for kubevirt.io/kubevirt (Go) Apr 24, 2024
phpMyAdmin Improper Privilege Management Critical
CVE-2017-18264 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
CodeIgniter Improper Privilege Management High
CVE-2020-10793 was published for codeigniter4/framework (Composer) May 24, 2022
Moodle External blog editing takeover Moderate
CVE-2017-7489 was published for moodle/moodle (Composer) May 13, 2022
Moodle Improper Privilege Management Moderate
CVE-2018-1134 was published for moodle/moodle (Composer) May 13, 2022
Drupal Users without "Administer comments" can set comment visibility on nodes they can edit Moderate
CVE-2016-7570 was published for drupal/core (Composer) May 17, 2022
Drupal Entity access bypass for entities that do not have UUIDs or have protected revisions Critical
CVE-2017-6925 was published for drupal/core (Composer) May 13, 2022
Drupal REST API can bypass comment approval High
CVE-2017-6924 was published for drupal/core (Composer) May 13, 2022
Drupal saving user accounts can sometimes grant the user all roles High
CVE-2016-3169 was published for drupal/core (Composer) May 17, 2022
Tryton Information Disclosure Vulnerability Moderate
CVE-2017-0360 was published for trytond (pip) May 13, 2022
APM Java Agent Local Privilege Escalation High
CVE-2021-37941 was published for elastic-apm (pip) Dec 9, 2021