Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27 advisories

Loading
PraisonAI SandlockSandbox falls back to unrestricted subprocess execution when Landlock is unavailable High
GHSA-6jcq-6546-qrrw was published for praisonai (pip) Jun 18, 2026
rexpository Credited to rexpository
phpMyFAQ: IDOR Account Takeover High
CVE-2026-35671 was published for phpmyfaq/phpmyfaq (Composer) May 20, 2026
cyberHunter127 Credited to cyberHunter127
OpenClaw: Matrix profile config persistence was reachable from operator.write message tools High
CVE-2026-42433 was published for openclaw (npm) Apr 17, 2026
zpbrent Credited to zpbrent
Decidim amendments can be accepted or rejected by anyone High
CVE-2026-40869 was published for decidim-core (RubyGems) Apr 14, 2026
zpbrent Credited to zpbrent
OpenClaw's non-default autoAllowSkills setting could bypass on-miss exec prompt High
GHSA-7ff8-xjh3-mgh6 was published for openclaw (npm) Mar 3, 2026
tdjackey Credited to tdjackey
NicatAliyevh Credited to NicatAliyevh
OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation High
CVE-2025-64761 was published for github.com/openbao/openbao (Go) Nov 24, 2025
cipherboy Credited to cipherboy
Observability Operator is vulnerable to Incorrect Privilege Assignment through its Custom Resource MonitorStack High
CVE-2025-2843 was published for github.com/rhobs/observability-operator (Go) Nov 12, 2025
OpenBao Root Namespace Operator May Elevate Token Privileges High
CVE-2025-54996 was published for github.com/openbao/openbao (Go) Aug 8, 2025
Hashicorp Vault has Privilege Escalation Vulnerability High
CVE-2025-5999 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
XWiki allows privilege escalation through link refactoring High
CVE-2025-49580 was published for org.xwiki.platform:xwiki-platform-refactoring-default (Maven) Jun 13, 2025
manuelleduc Credited to manuelleduc
Hashicorp Nomad Incorrect Privilege Assignment vulnerability High
CVE-2025-4922 was published for github.com/hashicorp/nomad (Go) Jun 11, 2025
dduzgun-security Credited to dduzgun-security
Duplicate Advisory: users may append `root` to group listings High
GHSA-jq8x-v7jw-v675 was published for users (Rust) Jun 6, 2025 withdrawn
users may append `root` to group listings High
CVE-2025-5791 was published for users (Rust) Jun 5, 2025
LiteLLM Has an Improper Authorization Vulnerability High
CVE-2025-0628 was published for litellm (pip) Mar 20, 2025
Karmada PULL Mode Cluster Privilege Escalation High
CVE-2024-56513 was published for github.com/karmada-io/karmada (Go) Jan 3, 2025
zhzhuang-zju Credited to zhzhuang-zju, RainbowMango, SHIRO-BAKO, suidpit, and TheZ3ro RainbowMango RainbowMango
SHIRO-BAKO SHIRO-BAKO suidpit suidpit TheZ3ro TheZ3ro
Open Cluster Management vulnerable to Trust Boundary Violation High
CVE-2024-9779 was published for open-cluster-management.io/ocm (Go) Dec 18, 2024
Vault Community Edition privilege escalation vulnerability High
CVE-2024-9180 was published for github.com/hashicorp/vault (Go) Oct 10, 2024
westonsteimel Credited to westonsteimel
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability High
CVE-2023-5077 was published for github.com/hashicorp/vault (Go) Sep 29, 2023
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers High
CVE-2023-3518 was published for github.com/hashicorp/consul (Go) Aug 9, 2023
anonymous4ACL24 Credited to anonymous4ACL24
Hashicorp Consul allows user with service:write permissions to patch remote proxy instances High
CVE-2023-2816 was published for github.com/hashicorp/consul (Go) Jun 3, 2023
Improper Privilege Management in Elasticsearch High
CVE-2020-7009 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
Incorrect Privilege Assignment in Jenkins Script Security Plugin High
CVE-2019-10355 was published for org.jenkins-ci.plugins:script-security (Maven) May 24, 2022
Incorrect Privilege Assignment in Jinja2 High
CVE-2014-1402 was published for Jinja2 (pip) May 14, 2022
ProTip! Advisories are also available from the GraphQL API