Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,690
Maven
5,000+
npm
4,320
NuGet
760
pip
4,096
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
Grav vulnerable to Privilege Escalation in Grav Admin: Missing Username Uniqueness Check Allows Admin Account Takeover High
CVE-2025-66296 was published for getgrav/grav (Composer) Dec 2, 2025
NicatAliyevh
Credited to NicatAliyevh
NutzBoot Incorrect Privilege Assignment vulnerability Moderate
CVE-2025-13806 was published for org.nutz:nutzboot-parent (Maven) Dec 1, 2025
Grafana Incorrect Privilege Assignment vulnerability Critical
CVE-2025-41115 was published for github.com/grafana/grafana (Go) Nov 21, 2025
cdupuis
Credited to cdupuis
OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation High
CVE-2025-64761 was published for github.com/openbao/openbao (Go) Nov 24, 2025
cipherboy
Credited to cipherboy
Observability Operator is vulnerable to Incorrect Privilege Assignment through its Custom Resource MonitorStack High
CVE-2025-2843 was published for github.com/rhobs/observability-operator (Go) Nov 12, 2025
LiteLLM Has an Improper Authorization Vulnerability High
CVE-2025-0628 was published for litellm (pip) Mar 20, 2025
Deno's --deny-write check does not prevent permission bypass Low
CVE-2025-61785 was published for deno (Rust) Oct 7, 2025
dellalibera
Credited to dellalibera
OpenBao Root Namespace Operator May Elevate Token Privileges High
CVE-2025-54996 was published for github.com/openbao/openbao (Go) Aug 8, 2025
Vault Community Edition privilege escalation vulnerability High
CVE-2024-9180 was published for github.com/hashicorp/vault (Go) Oct 10, 2024
westonsteimel
Credited to westonsteimel
Hashicorp Vault has Privilege Escalation Vulnerability High
CVE-2025-5999 was published for github.com/hashicorp/vault (Go) Aug 1, 2025
Duplicate Advisory: users may append `root` to group listings High
GHSA-jq8x-v7jw-v675 was published for users (Rust) Jun 6, 2025 withdrawn
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing Import Page component Low
CVE-2025-6735 was published for juzaweb/cms (Composer) Jun 27, 2025
JuzaWeb CMS is vulnerable to Incorrect Privilege Assignment when installing certain components Low
CVE-2025-6736 was published for juzaweb/cms (Composer) Jun 27, 2025
Grafana plugin data sources vulnerable to access control bypass Moderate
CVE-2024-6322 was published for github.com/grafana/grafana (Go) Aug 20, 2024
Hashicorp Nomad Incorrect Privilege Assignment vulnerability High
CVE-2025-4922 was published for github.com/hashicorp/nomad (Go) Jun 11, 2025
dduzgun-security
Credited to dduzgun-security
New authd users logging in via SSH are members of the root group Moderate
CVE-2025-5689 was published for github.com/ubuntu/authd (Go) Jun 16, 2025
XWiki allows privilege escalation through link refactoring High
CVE-2025-49580 was published for org.xwiki.platform:xwiki-platform-refactoring-default (Maven) Jun 13, 2025
users may append `root` to group listings High
CVE-2025-5791 was published for users (Rust) Jun 5, 2025
pypickle Incorrect Privilege Assignment vulnerability Moderate
CVE-2025-5175 was published for pypickle (pip) May 26, 2025
PrinceRaj-0
Credited to PrinceRaj-0
containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods. Moderate
CVE-2025-47291 was published for github.com/containerd/containerd/v2 (Go) May 21, 2025
rata rogowski-piotr
Credited to rata and rogowski-piotr
Rancher: Restricted Administrator can change Administrator's passwords Critical
CVE-2025-23391 was published for github.com/rancher/rancher (Go) Apr 1, 2025
XavierDuthil
Credited to XavierDuthil
Jenkins allows for Privilege Escalation by Remote Authenticated Users Moderate
CVE-2015-1806 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Jenkins allows for Privilege Escalation by Remote Authenticated Users Moderate
CVE-2015-1814 was published for org.jenkins-ci.main:jenkins-core (Maven) May 17, 2022
Karmada PULL Mode Cluster Privilege Escalation High
CVE-2024-56513 was published for github.com/karmada-io/karmada (Go) Jan 3, 2025
zhzhuang-zju RainbowMango
SHIRO-BAKO suidpit TheZ3ro
Credited to zhzhuang-zju, RainbowMango, SHIRO-BAKO, suidpit, and TheZ3ro
XWiki Platform allows remote code execution from user account Critical
CVE-2024-37899 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database