GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

123 advisories

CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure High
CVE-2022-2995 was published for github.com/cri-o/cri-o (Go) Sep 20, 2022
Magento Improper Access Control vulnerability High
CVE-2022-34255 was published for magento/community-edition (Composer) Aug 17, 2022
Argo CD improper access control bug can allow malicious user to escalate privileges to admin level High
CVE-2022-1025 was published for github.com/argoproj/argo-cd (Go) Jul 13, 2022
OctoPrint Incorrect Access Control High
CVE-2021-32560 was published for octoprint (pip) May 24, 2022
Moodle incorrect access control High
CVE-2020-25629 was published for moodle/moodle (Composer) May 24, 2022
MediaWiki Incorrect Access Control vulnerability High
CVE-2019-12472 was published for mediawiki/core (Composer) May 24, 2022
TYPO3 Remote File Disclosure vulnerability in the jumpUrl mechanism High
CVE-2010-3714 was published for typo3/cms (Composer) May 17, 2022
OpenStack Keystone Allows Remote User Account Creation High
CVE-2012-3542 was published for keystone (pip) May 17, 2022
Plone Unrestricted Field Manipulation vulnerability via content edit forms High
CVE-2013-4193 was published for plone (pip) May 17, 2022
Plone Improper Access Control Vulnerability High
CVE-2013-4197 was published for plone (pip) May 17, 2022
Drupal Access Control Bypass High
CVE-2011-2687 was published for drupal/core (Composer) May 17, 2022
Drupal Form API ignores access restrictions on submit buttons High
CVE-2016-3165 was published for drupal/core (Composer) May 17, 2022
Drupal File upload access bypass and denial of service High
CVE-2016-3162 was published for drupal/core (Composer) May 17, 2022
Django Access Restrictions Bypass High
CVE-2016-2048 was published for django (pip) May 17, 2022
Improper Access Control in Apache Hadoop High
CVE-2016-5393 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Mercurial vulnerable to arbitrary code execution when converting Git repos High
CVE-2016-3105 was published for mercurial (pip) May 17, 2022
Drupal Node Validation Bypass in the node module API High
CVE-2008-4793 was published for drupal/drupal (Composer) May 17, 2022
MoinMoin Access Restrictions Bypassed due to improper ACL enforcement High
CVE-2008-6603 was published for moin (pip) May 17, 2022
Path Traversal in Apache Atlas High
CVE-2016-8752 was published for org.apache.atlas:atlas-common (Maven) May 17, 2022
Plone unauthorized member addition vulnerability High
CVE-2015-7315 was published for Plone (pip) May 17, 2022
Improper Access Control in Apache Derby High
CVE-2010-2232 was published for org.apache.derby:derby (Maven) May 17, 2022
Improper Access Control in Elasticsearch High
CVE-2015-1427 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
Improper Access Control in Elasticsearch High
CVE-2015-4165 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
Improper Access Control in Apache Shiro High
CVE-2016-6802 was published for org.apache.shiro:shiro-all (Maven) May 14, 2022