Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,820
Erlang
36
GitHub Actions
32
Go
2,412
Maven
5,000+
npm
4,051
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,004
Swift
38
Unreviewed advisories
All unreviewed
5,000+

264 advisories

Loading
Moodle Improper Access Control vulnerability Moderate
CVE-2023-5549 was published for moodle/moodle (Composer) Nov 9, 2023
Pleaser privilege escalation vulnerability High
CVE-2023-46277 was published for pleaser (Rust) Oct 20, 2023
Grafana privilege escalation vulnerability Moderate
CVE-2023-4822 was published for github.com/grafana/grafana (Go) Oct 16, 2023
Puppet Bolt privilege escalation vulnerability Critical
CVE-2023-5214 was published for bolt (RubyGems) Oct 6, 2023
PrestaShop allows users to uninstall modules from backoffice, even with low rights Moderate
CVE-2023-43663 was published for prestashop/prestashop (Composer) Sep 28, 2023
PrestaShop allows employee without any access rights to list all installed modules Moderate
CVE-2023-43664 was published for prestashop/prestashop (Composer) Sep 28, 2023
Privilege Escalation on Linux/MacOS High
CVE-2023-28434 was published for github.com/minio/minio (Go) Sep 5, 2023
donatello harshavardhana
RicterZ
usememos/memos vulnerable to privilege escalation High
CVE-2023-4697 was published for github.com/usememos/memos (Go) Sep 1, 2023
OpenNMS privilege elevation vulnerability High
CVE-2023-0872 was published for org.opennms:opennms-webapp-rest (Maven) Aug 14, 2023
Ineffective privileges drop when requesting container network Moderate
CVE-2023-38496 was published for github.com/apptainer/apptainer (Go) Jul 25, 2023
KubePi Privilege Escalation vulnerability Critical
CVE-2023-37917 was published for github.com/KubeOperator/kubepi (Go) Jul 21, 2023
ch1nhpd
Apache Cassandra: Privilege escalation when enabling FQL/Audit logs High
CVE-2023-30601 was published for org.apache.cassandra:cassandra-all (Maven) Jul 6, 2023
hanqiuzh
Apache InLong Improper Privilege Management vulnerability Critical
CVE-2023-31062 was published for org.apache.inlong:manager-dao (Maven) Jul 6, 2023
Apache StreamPipes Improper Privilege Management vulnerability High
CVE-2023-31469 was published for org.apache.streampipes:streampipes-parent (Maven) Jun 23, 2023
XWiki Platform's Mail.MailConfig can be edited by any user with edit rights Critical
CVE-2023-34465 was published for org.xwiki.platform:xwiki-platform-mail-send-default (Maven) Jun 20, 2023
Rancher vulnerable to Privilege Escalation via manipulation of Secrets Critical
CVE-2023-22647 was published for github.com/rancher/rancher (Go) Jun 6, 2023
andrewpollock
Missing "--allow-net" permission check for built-in Node modules High
CVE-2023-33966 was published for deno (Rust) May 31, 2023
sylc
Rancher Webhook is misconfigured during upgrade process Critical
CVE-2023-22651 was published for github.com/rancher/rancher (Go) Apr 24, 2023
pjbgf
Improper Privilege Management in microweber High
CVE-2023-2240 was published for microweber/microweber (Composer) Apr 22, 2023
A potential risk in clusternet which can be leveraged to make a cluster-level privilege escalation Moderate
CVE-2023-30622 was published for github.com/clusternet/clusternet (Go) Apr 21, 2023
younaman dixudx
lmxia
Apache Spark vulnerable to Improper Privilege Management Critical
CVE-2023-22946 was published for org.apache.spark:spark-core_2.12 (Maven) Apr 17, 2023
pan3793
OpenFeature Operator vulnerable to Cluster-level Privilege Escalation High
CVE-2023-29018 was published for github.com/open-feature/open-feature-operator (Go) Apr 12, 2023
younaman thisthat
bacherfl
thorsten/phpmyfaq vulnerable privilege escalation from improper privilege management High
CVE-2023-1762 was published for thorsten/phpmyfaq (Composer) Mar 31, 2023
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
volkflo
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process Moderate
CVE-2023-28436 was published for tailscale.com (Go) Mar 23, 2023
rmb938
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database