GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
208 advisories
Filter by severity
Neo4j Cypher component mishandles IMMUTABLE privileges
Moderate
CVE-2024-34517
was published
for
org.neo4j:neo4j-cypher
(Maven)
May 7, 2024
Privilege Escalation in TYPO3 CMS
Moderate
GHSA-v5jp-4h2p-j2p4
was published
for
typo3/cms
(Composer)
Jun 5, 2024
TYPO3 may allow editors to change, create, or delete metadata of files not within their file mounts
High
GHSA-4r76-xr68-w7m7
was published
for
typo3/cms
(Composer)
May 30, 2024
TYPO3 Broken Access Control in Localization Handling
Moderate
GHSA-9rx9-7fmh-gj3g
was published
for
typo3/cms-core
(Composer)
May 30, 2024
Podman affected by CVE-2024-1753 container escape at build time
High
CVE-2024-1753
was published
for
github.com/containers/podman/v4
(Go)
Mar 28, 2024
Improper Privilege Management in github.com/sap/cloud-security-client-go
Critical
GHSA-m8rw-rcpq-2vp2
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 13, 2023
Privilege escalation in sap/cloud-security-client-go
Critical
CVE-2023-50424
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
golang.org/x/sys/unix has Incorrect privilege reporting in syscall
Moderate
CVE-2022-29526
was published
for
golang.org/x/sys
(Go)
Jun 24, 2022
Podman publishes a malicious image to public registries
High
CVE-2022-1227
was published
for
github.com/containers/podman/v3
(Go)
Apr 30, 2022
Mediawiki Improper Privilege Management
Moderate
CVE-2018-0503
was published
for
mediawiki/core
(Composer)
May 13, 2022
Grav Vulnerable to Arbitrary File Read to Account Takeover
High
CVE-2024-34082
was published
for
getgrav/grav
(Composer)
May 15, 2024
OpenStack Identity Keystone Improper Privilege Management
Moderate
CVE-2014-0204
was published
for
keystone
(pip)
May 13, 2022
OpenStack Identity Keystone is vulnerable to Block delegation escalation of privilege
Moderate
CVE-2014-3476
was published
for
keystone
(pip)
May 13, 2022
Drupal Saving user accounts can sometimes grant the user all roles
High
CVE-2016-6211
was published
for
drupal/core
(Composer)
May 17, 2022
Celery local privilege escalation vulnerability
Moderate
CVE-2011-4356
was published
for
celery
(pip)
May 17, 2022
OpenStack Keystone EC2 and/or credential endpoints are not protected from a scoped context
High
CVE-2020-12689
was published
for
keystone
(pip)
May 24, 2022
SciPy creates insecure temporary directories
High
CVE-2013-4251
was published
for
scipy
(pip)
May 5, 2022
bbPress unauthenticated privilege-escalation
Critical
CVE-2020-13693
was published
for
bbpress/bbpress
(Composer)
May 24, 2022
EC-CUBE Improper access control vulnerability
High
CVE-2021-20778
was published
for
ec-cube/ec-cube
(Composer)
May 24, 2022
BuddyPress Docs plugin Improper Privilege Management
Moderate
CVE-2017-6954
was published
for
buddypress/buddypress
(Composer)
May 13, 2022
TeamPass Improper Privilege Management
Moderate
CVE-2017-15053
was published
for
nilsteampassnet/teampass
(Composer)
May 13, 2022
TeamPass Improper Privilege Management
Moderate
CVE-2017-15052
was published
for
nilsteampassnet/teampass
(Composer)
May 13, 2022
TeamPass Improper Privilege Management
High
CVE-2017-15055
was published
for
nilsteampassnet/teampass
(Composer)
May 13, 2022
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
High
CVE-2019-6287
was published
for
github.com/rancher/rancher
(Go)
May 13, 2022
Privilege Escalation in kubevirt
Critical
CVE-2020-14316
was published
for
kubevirt.io/kubevirt
(Go)
Apr 24, 2024
ProTip!
Advisories are also available from the
GraphQL API