GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
36 advisories
Filter by severity
espeak-ruby allows arbitrary command execution
Critical
CVE-2016-10193
was published
for
espeak-ruby
(RubyGems)
Oct 24, 2017
Jetty contains an alias issue that could allow unauthenticated remote code execution due to specially crafted request
Critical
CVE-2016-4800
was published
for
org.eclipse.jetty:jetty-server
(Maven)
Oct 19, 2018
Improper Access Control in commons-fileupload
Critical
CVE-2016-1000031
was published
for
commons-fileupload:commons-fileupload
(Maven)
Dec 21, 2018
Consul gem insufficient authentication check - Multiple powers in one controller are not always checked correctly
Critical
CVE-2019-16377
was published
for
consul
(RubyGems)
Sep 27, 2019
Improper Access Control in jupyterhub-firstuseauthenticator
Critical
CVE-2021-41194
was published
for
jupyterhub-firstuseauthenticator
(pip)
Oct 28, 2021
Incorrect Access Control in Ignition
Critical
CVE-2021-43996
was published
for
facade/ignition
(Composer)
Nov 19, 2021
Unrestricted Upload of File with Dangerous Type in Drupal core
Critical
CVE-2020-13675
was published
for
drupal/core
(Composer)
Feb 12, 2022
Roundup xml-rpc server improper check of property permissions
Critical
CVE-2008-1475
was published
for
roundup
(pip)
May 1, 2022
Improper Access Control in SLF4J
Critical
CVE-2018-8088
was published
for
org.slf4j:slf4j-ext
(Maven)
May 13, 2022
Puppet Improper Access Control
Critical
CVE-2016-2785
was published
for
puppet
(RubyGems)
May 13, 2022
Apache Tomcat Improper Access Control vulnerability
Critical
CVE-2016-8735
was published
for
org.apache.tomcat:tomcat-catalina
(Maven)
May 13, 2022
Improper Access Control in Apache Shiro
Critical
CVE-2016-4437
was published
for
org.apache.shiro:shiro-core
(Maven)
May 14, 2022
Apache Ambari Improper Access Control
Critical
CVE-2016-6807
was published
for
org.apache.ambari:ambari
(Maven)
May 17, 2022
Salt allows deleted minions to read or write to minions with the same id
Critical
CVE-2016-9639
was published
for
salt
(pip)
May 17, 2022
Access control bypass in beego
Critical
CVE-2022-31259
was published
for
github.com/beego/beego
(Go)
May 22, 2022
Symfony Incorrect Access Control
Critical
CVE-2017-11365
was published
for
symfony/security
(Composer)
May 24, 2022
Wikimedia MediaWiki Incorrect Access Control vulnerability
Critical
CVE-2019-12468
was published
for
mediawiki/core
(Composer)
May 24, 2022
Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Critical
CVE-2020-12889
was published
for
MISP-maltego
(pip)
May 24, 2022
easyii CMS's File Upload Management vulnerable to unrestricted upload
Critical
CVE-2022-3771
was published
for
noumo/easyii
(Composer)
Oct 31, 2022
rdiffweb Improper Access Control vulnerability
Critical
CVE-2022-4724
was published
for
rdiffweb
(pip)
Dec 27, 2022
Answer contains Improper Access Control vulnerability
Critical
CVE-2023-0744
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
Critical
CVE-2023-26474
was published
for
org.xwiki.platform:xwiki-platform-legacy-oldcore
(Maven)
Mar 3, 2023
XWiki Platform users may execute anything with superadmin right through comments and async macro
Critical
CVE-2023-26471
was published
for
org.xwiki.platform:xwiki-platform-rendering-async-macro
(Maven)
Mar 3, 2023
XWiki Platform's async and display macro allow displaying and interacting with any document in restricted mode
Critical
CVE-2023-29526
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Apr 20, 2023
Access Control Bypass in Spring Security
Critical
CVE-2023-34034
was published
for
org.springframework.security:spring-security-config
(Maven)
Jul 19, 2023
ProTip!
Advisories are also available from the
GraphQL API