GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
122 advisories
Filter by severity
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High
GHSA-28q9-9c3g-v3f9
was published
for
github.com/treeverse/lakefs
(Go)
Sep 23, 2022
Private data exposure via REST API in BuddyPress
High
CVE-2020-5244
was published
for
buddypress/buddypress
(Composer)
Feb 24, 2020
High severity vulnerability that affects org.apache.hbase:hbase
High
CVE-2015-1836
was published
for
org.apache.hbase:hbase
(Maven)
Oct 18, 2018
Improper Input Validation in libseccomp-golang
High
CVE-2017-18367
was published
for
github.com/seccomp/libseccomp-golang
(Go)
May 18, 2021
Improper Access Control in Lightning Network Daemon
High
CVE-2019-12999
was published
for
github.com/lightningnetwork/lnd
(Go)
May 18, 2021
User can obtain JWT token even if account is disabled
High
GHSA-36mj-6r7r-mqhf
was published
for
ezsystems/ezplatform-rest
(Composer)
Sep 29, 2021
Sails before 0.12.7 vulnerable to Broken CORS
High
CVE-2016-10549
was published
for
sails
(npm)
Feb 18, 2019
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High
CVE-2022-24730
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Improper Access Control in MySQL Connector Python
High
CVE-2019-2435
was published
for
mysql-connector-python
(pip)
May 13, 2022
Improper Access Control in Elasticsearch
High
CVE-2019-7611
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
Improper Access Control in Apache Derby
High
CVE-2010-2232
was published
for
org.apache.derby:derby
(Maven)
May 17, 2022
Improper Access Control in Elasticsearch
High
CVE-2015-4165
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 14, 2022
Improper Access Control in Apache Hadoop
High
CVE-2016-5393
was published
for
org.apache.hadoop:hadoop-common
(Maven)
May 17, 2022
Improper Access Control in MySQL Connectors Java
High
CVE-2017-3523
was published
for
mysql:mysql-connector-java
(Maven)
May 13, 2022
Improper Access Control in Elasticsearch
High
CVE-2015-1427
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 14, 2022
Flarum post mentions can be used to read any post on the forum without access control
High
CVE-2023-22487
was published
for
flarum/mentions
(Composer)
Jan 10, 2023
Dolibarr vulnerable to Improper Authentication and Improper Access Control
High
CVE-2021-25956
was published
for
dolibarr/dolibarr
(Composer)
Sep 2, 2021
GitOps Run allows for Kubernetes workload injection
High
CVE-2022-23508
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jan 9, 2023
ghost vulnerable to unauthorized newsletter modification via improper access controls
High
CVE-2022-41654
was published
for
ghost
(npm)
Nov 28, 2022
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
High
CVE-2022-2995
was published
for
github.com/cri-o/cri-o
(Go)
Sep 20, 2022
Incorrect Authorization in microweber
High
CVE-2022-1631
was published
for
microweber/microweber
(Composer)
May 10, 2022
High severity vulnerability that affects org.apache.cxf.fediz:fediz-spring and org.apache.cxf.fediz:fediz-spring2
High
CVE-2016-4464
was published
for
org.apache.cxf.fediz:fediz-spring
(Maven)
Oct 18, 2018
Improper Access Control in Apache Shiro
High
CVE-2016-6802
was published
for
org.apache.shiro:shiro-all
(Maven)
May 14, 2022
usememos/memos Improper Access Control vulnerability
High
CVE-2022-4684
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
usememos/memos vulnerable to account takeover due to improper access control
High
CVE-2022-4689
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
ProTip!
Advisories are also available from the
GraphQL API