GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,236
Erlang
28
GitHub Actions
16
Go
1,639
Maven
4,910
npm
3,436
NuGet
594
pip
2,672
Pub
10
RubyGems
821
Rust
760
Swift
34
Unreviewed advisories
All unreviewed
5,000+
17,941 advisories
Filter by severity
Information disclosure in podman
Moderate
CVE-2020-14370
was published
for
github.com/containers/podman/v2
(Go)
Apr 24, 2024
Heketi Arbitrary Code Execution
High
CVE-2017-15103
was published
for
github.com/heketi/heketi
(Go)
Apr 24, 2024
pyLoad allows upload to arbitrary folder lead to RCE
Critical
CVE-2024-32880
was published
for
pyload-ng
(pip)
Apr 24, 2024
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
High
CVE-2021-25318
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher Privilege escalation vulnerability via malicious "Connection" header
High
CVE-2021-31999
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher's Steve API Component Improper authorization check allows privilege escalation
High
CVE-2021-36776
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
High
CVE-2021-36775
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Improper Access Control in Gitea
Critical
CVE-2020-28991
was published
for
github.com/go-gitea/gitea
(Go)
Apr 24, 2024
Buffer Overflow in gitea
High
CVE-2021-3382
was published
for
github.com/go-gitea/gitea
(Go)
Apr 24, 2024
Privilege Escalation in kubevirt
Critical
CVE-2020-14316
was published
for
kubevirt.io/kubevirt
(Go)
Apr 24, 2024
Kubelet Incorrect Privilege Assignment
Moderate
CVE-2019-11245
was published
for
k8s.io/kubernetes/cmd/kubelet
(Go)
Apr 24, 2024
Sensitive Information leak via Log File in Kubernetes
Moderate
CVE-2020-8563
was published
for
github.com/kubernetes/kubernetes
(Go)
Apr 24, 2024
Sensitive Information leak via Log File in Kubernetes
Moderate
CVE-2020-8566
was published
for
github.com/kubernetes/kubernetes
(Go)
Apr 24, 2024
Access Restriction Bypass in go-ipfs
High
CVE-2020-10937
was published
for
github.com/ipfs/go-ipfs
(Go)
Apr 24, 2024
Denial of service in Kubernetes
Moderate
CVE-2020-8557
was published
for
k8s.io/kubernetes/pkg/kubelet
(Go)
Apr 24, 2024
Privilege Escalation in Kubernetes
Moderate
CVE-2020-8559
was published
for
k8s.io/apimachinery
(Go)
Apr 24, 2024
github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2020-7666
was published
for
github.com/u-root/u-root/pkg/cpio
(Go)
Apr 24, 2024
social-auth-app-django affected by Improper Handling of Case Sensitivity
Moderate
CVE-2024-32879
was published
for
social-auth-app-django
(pip)
Apr 24, 2024
CosmWasm affected by arithmetic overflows
Low
GHSA-8724-5xmm-w5xq
was published
for
cosmwasm-std
(Rust)
Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `GET /api/v1/policies/validation/condition/<expr>` (`GHSL-2023-236`)
High
CVE-2024-28848
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
OpenMetadata vulnerable to a SpEL Injection in `PUT /api/v1/events/subscriptions` (`GHSL-2023-251`)
High
CVE-2024-28847
was published
for
org.open-metadata:openmetadata-service
(Maven)
Apr 24, 2024
Umbraco Workflow's Backoffice users can execute arbitrary SQL
Moderate
CVE-2024-32872
was published
for
Plumber.Workflow
(NuGet)
Apr 24, 2024
Pimcore TinyMCE Bundle - tinymce CVE-2024-29203, CVE-2024-29881
Moderate
GHSA-vjwg-28gv-pm8h
was published
for
pimcore/pimcore
(Composer)
Apr 24, 2024
Zend Framework SQL injection vulnerability
Critical
CVE-2014-8089
was published
for
zendframework/zend-db
(Composer)
Apr 23, 2024
Drupal Core Remote Code Execution Vulnerability
Critical
CVE-2018-7602
was published
for
drupal/core
(Composer)
Apr 23, 2024
ProTip!
Advisories are also available from the
GraphQL API