GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,709
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
Privilege Escalation in kubevirt
Critical
CVE-2020-14316
was published
for
kubevirt.io/kubevirt
(Go)
Apr 24, 2024
Podman affected by CVE-2024-1753 container escape at build time
High
CVE-2024-1753
was published
for
github.com/containers/podman/v4
(Go)
Mar 28, 2024
Users with `create` but not `override` privileges can perform local sync
Moderate
CVE-2023-50726
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
High
CVE-2024-28197
was published
for
github.com/zitadel/zitadel
(Go)
Mar 11, 2024
Grafana's users with permissions to create a data source can CRUD all data sources
Moderate
CVE-2024-1442
was published
for
github.com/grafana/grafana
(Go)
Mar 7, 2024
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
High
CVE-2023-32194
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
High
CVE-2024-24747
was published
for
github.com/minio/minio
(Go)
Feb 1, 2024
HashiCorp Vault Improper Privilege Management
Moderate
CVE-2020-10660
was published
for
github.com/hashicorp/vault/vault
(Go)
Jan 30, 2024
HashiCorp Vault Improper Privilege Management
Critical
CVE-2020-10661
was published
for
github.com/hashicorp/vault/vault
(Go)
Jan 30, 2024
Kruise allows leveraging the kruise-daemon pod to list all secrets in the entire cluster
Moderate
CVE-2023-30617
was published
for
github.com/openkruise/kruise
(Go)
Jan 5, 2024
Improper Privilege Management in github.com/sap/cloud-security-client-go
Critical
GHSA-m8rw-rcpq-2vp2
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 13, 2023
Privilege escalation in sap/cloud-security-client-go
Critical
CVE-2023-50424
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
Grafana privilege escalation vulnerability
Moderate
CVE-2023-4822
was published
for
github.com/grafana/grafana
(Go)
Oct 16, 2023
Privilege Escalation on Linux/MacOS
High
CVE-2023-28434
was published
for
github.com/minio/minio
(Go)
Sep 5, 2023
usememos/memos vulnerable to privilege escalation
High
CVE-2023-4697
was published
for
github.com/usememos/memos
(Go)
Sep 1, 2023
Ineffective privileges drop when requesting container network
Moderate
CVE-2023-38496
was published
for
github.com/apptainer/apptainer
(Go)
Jul 25, 2023
KubePi Privilege Escalation vulnerability
Critical
CVE-2023-37917
was published
for
github.com/KubeOperator/kubepi
(Go)
Jul 21, 2023
Rancher vulnerable to Privilege Escalation via manipulation of Secrets
Critical
CVE-2023-22647
was published
for
rancher/rancher
(Go)
Jun 6, 2023
A potential risk in clusternet which can be leveraged to make a cluster-level privilege escalation
Moderate
CVE-2023-30622
was published
for
github.com/clusternet/clusternet
(Go)
Apr 21, 2023
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation
High
CVE-2023-29018
was published
for
github.com/open-feature/open-feature-operator
(Go)
Apr 12, 2023
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process
Moderate
CVE-2023-28436
was published
for
tailscale.com
(Go)
Mar 23, 2023
Supplementary groups are not set up properly in github.com/containerd/containerd
Moderate
CVE-2023-25173
was published
for
github.com/containerd/containerd
(Go)
Feb 16, 2023
Privilege escalation in project role template binding (PRTB) and -promoted roles
High
CVE-2022-43759
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
usememos/memos Improper Privilege Management vulnerability
High
CVE-2022-4808
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos makes Incorrect Use of Privileged APIs
High
CVE-2022-4687
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
ProTip!
Advisories are also available from the
GraphQL API