
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

64 advisories

Briefcase: Windows MSI Installer Privilege Escalation via Insecure Directory Permissions High
CVE-2026-33430 was published for briefcase (pip) Mar 23, 2026
Credited to lrandersson
Duplicate Advisory: OpenClaw's sandboxed sessions_spawn now enforces sandbox inheritance for cross-agent spawns High
GHSA-wr92-6w3g-2hwc was published for openclaw (npm) Mar 21, 2026 withdrawn
Apache Airflow: Wildcard DagVersion Listing Bypasses Per‑DAG RBAC and Leaks Metadata High
CVE-2026-26929 was published for apache-airflow (pip) Mar 17, 2026
Below has Incorrect Permission Assignment for Critical Resource High
CVE-2025-27591 was published for below (Rust) Mar 11, 2025
Credited to mgerstner
Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability High
CVE-2026-0775 was published for npm (npm) Jan 23, 2026 withdrawn
Credited to Mauripache
express-cart allows any user to create an admin user High
CVE-2018-12457 was published for express-cart (npm) May 13, 2022
Grafana world readable configuration files High
CVE-2020-12459 was published for github.com/grafana/grafana (Go) May 24, 2022
Mattermost Server has intermittent Authorization bypass for resource-owners High
CVE-2017-18894 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server does not properly restrict use of slash commands High
CVE-2017-18886 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
KubeVirt Vulnerable to Arbitrary Host File Read and Write High
CVE-2025-64324 was published for kubevirt.io/kubevirt (Go) Nov 7, 2025
Credited to mihailkirov, Faeris95, and jean-edouard
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default High
CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
Credited to westonsteimel and cipherboy
PipeCD Vulnerable to Privilege Escalation High
CVE-2024-53351 was published for github.com/pipe-cd/pipecd (Go) Mar 21, 2025
@tanstack/form-core prototype pollution High
CVE-2024-57068 was published for @tanstack/form-core (npm) Feb 6, 2025
Credited to Balastrong
Local Privilege Escalation in Windows High
CVE-2023-49797 was published for pyinstaller (pip) Dec 9, 2023
Kubean vulnerable to cluster-level privilege escalation High
CVE-2024-41820 was published for github.com/kubean-io/kubean (Go) Aug 5, 2024
Credited to younaman
Grafana information disclosure High
CVE-2020-12458 was published for github.com/grafana/grafana (Go) May 24, 2022
SaltStack Salt Permissions Bypass High
CVE-2022-22941 was published for salt (pip) Mar 30, 2022
Planet's secret file is created with excessive permissions High
CVE-2023-32303 was published for planet (pip) May 12, 2023
Paramiko Authentication Bypass vulnerability High
CVE-2018-1000805 was published for paramiko (pip) Oct 10, 2018
Apache Tomcat vulnerable to information leak High
CVE-2023-34981 was published for org.apache.tomcat.embed:tomcat-embed-core (Maven) Jun 21, 2023
Credited to sunSUNQ and westonsteimel
Mercurial has Incorrect Permission Assignment for Critical Resource High
CVE-2017-9462 was published for mercurial (pip) Jul 13, 2018
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability High
CVE-2023-5077 was published for github.com/hashicorp/vault (Go) Sep 29, 2023
External Secrets Operator vulnerable to privilege escalation High
CVE-2024-45041 was published for github.com/external-secrets/external-secrets (Go) Sep 9, 2024
Credited to younaman
Podman Elevated Container Privileges High
CVE-2018-10856 was published for github.com/containers/podman (Go) May 13, 2022
Credited to andrewpollock
Froxlor: /etc/pure-ftpd/db/mysql.conf is chmod 644 but contains <SQL_UNPRIVILEGED_PASSWORD> High
GHSA-34qg-65m4-f23m was published for froxlor/froxlor (Composer) Aug 23, 2024
Credited to hardfalcon