Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

135 advisories

Loading
Incorrect Authorization in WildFly Elytron High
CVE-2020-1748 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022
Drupal core access bypass vulnerability High
CVE-2020-13677 was published for drupal/core (Composer) Feb 12, 2022
Improper Privilege Management in Apache Hadoop High
CVE-2020-9492 was published for org.apache.hadoop:hadoop-common (Maven) Feb 9, 2022
Incorrect Authorization in NATS nats-server High
CVE-2022-24450 was published for github.com/nats-io/nats-server/v2 (Go) Feb 8, 2022
Churro andrewpollock
Incorrect Authorization in calibreweb High
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Improper Authorization in Keycloak High
CVE-2021-4133 was published for org.keycloak:keycloak-services (Maven) Jan 6, 2022
Incorrect Authorization in Apache Ozone High
CVE-2021-39232 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens High
CVE-2021-39236 was published for org.apache.hadoop:hadoop-ozone-ozone-manager (Maven) Nov 23, 2021
Communities and collections administrators can escalate their privilege up to system administrator High
CVE-2021-41189 was published for org.dspace:dspace-api (Maven) Nov 1, 2021
abollini
Incorrect Privilege Assignment in HashiCorp Vault High
CVE-2021-42135 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
BuddyPress privilege escalation via REST API High
CVE-2021-21389 was published for buddypress/buddypress (Composer) Oct 6, 2021
Cobbler before 3.3.0 allows authorization bypass for modification of settings. High
CVE-2021-40325 was published for cobbler (pip) Oct 5, 2021
Improper Authorization in Google OAuth Client High
CVE-2020-7692 was published for com.google.oauth-client:google-oauth-client (Maven) Sep 28, 2021
Incorrect Authorization with specially crafted requests High
CVE-2021-39206 was published for github.com/pomerium/pomerium (Go) Sep 10, 2021
Istio Fragments in Path May Lead to Authorization Policy Bypass High
CVE-2021-39156 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu
Incorrect Authorization in TeamPass High
CVE-2020-12477 was published for nilsteampassnet/teampass (Composer) Jul 26, 2021
Resource Exhaustion in Spring Security High
CVE-2021-22119 was published for org.springframework.security:spring-security-core (Maven) Jul 2, 2021
Incorrect Authorization in ORY Oathkeeper High
CVE-2021-32701 was published for github.com/ory/oathkeeper (Go) Jun 24, 2021
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled High
GHSA-qvp4-rpmr-xwrr was published for github.com/ory/oathkeeper (Go) Jun 23, 2021
flusflas
github.com/nats-io/nats-server Import token permissions checking not enforced High
GHSA-j756-f273-xhp4 was published for github.com/nats-io/nats-server/v2 (Go) May 21, 2021
XWiki users registered with email verification can self re-activate their disabled accounts High
CVE-2021-32620 was published for org.xwiki.commons:xwiki-commons-core (Maven) May 18, 2021
Improper Authorization in github.com/containers/libpod High
CVE-2021-20188 was published for github.com/containers/libpod (Go) May 18, 2021
Improper Input Validation in Laravel High
CVE-2020-24941 was published for laravel/framework (Composer) May 6, 2021
Any logged in user could edit any other logged in user. High
CVE-2021-29452 was published for @curveball/a12n-server (npm) Apr 19, 2021
Privilage Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database