Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

23 advisories

Loading
Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled) Moderate
CVE-2025-7784 was published for org.keycloak:keycloak-services (Maven) Jul 30, 2025
Duplicate Advisory: Keycloak Privilege Escalation Vulnerability in Admin Console (FGAPv2 Enabled) Moderate
GHSA-83j7-mhw9-388w was published for org.keycloak:keycloak-services (Maven) Jul 18, 2025 withdrawn
Liferay Portal and Liferay DXP Fails to Check Permissions in Translation Module Moderate
CVE-2022-38512 was published for com.liferay.portal:release.dxp.bom (Maven) Sep 23, 2022
Apache StreamPipes has improper privilege management in a REST interface Moderate
CVE-2024-24778 was published for org.apache.streampipes:streampipes-parent (Maven) Mar 3, 2025
Neo4j Cypher component mishandles IMMUTABLE privileges Moderate
CVE-2024-34517 was published for org.neo4j:neo4j-cypher (Maven) May 7, 2024
irene221b
Credited to irene221b
Apache Kafka Clients: Privilege escalation to filesystem read-access via automatic ConfigProvider Moderate
CVE-2024-31141 was published for org.apache.kafka:kafka-clients (Maven) Nov 19, 2024
pjfanning
Credited to pjfanning
Issue with whitespace in JWT roles in OpenSearch Moderate
CVE-2023-23612 was published for org.opensearch.plugin:opensearch-security (Maven) Jan 24, 2023
binary-1024
Credited to binary-1024
Jenkins Git server Plugin does not perform a permission check Moderate
CVE-2024-34146 was published for org.jenkins-ci.plugins:git-server (Maven) May 2, 2024
Cloud Foundry UAA Identity Zone Admin Privilege Escalation Moderate
CVE-2017-8032 was published for org.cloudfoundry.identity:cloudfoundry-identity-server (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Improper Privilege Management in Jenkins Config File Provider Plugin Moderate
CVE-2017-1000104 was published for org.jenkins-ci.plugins:config-file-provider (Maven) May 13, 2022
Jenkins Agiletestware Pangolin Connector for TestRail Plugin CSRF vulnerability and missing permission checks Moderate
CVE-2018-1999032 was published for org.jenkins-ci.plugins:pangolin-testrail-connector (Maven) May 13, 2022
PostgreSQL PL/Java Improper Privilege Management Moderate
CVE-2016-0767 was published for postgresql:pljava-public (Maven) May 13, 2022
Elasticsearch privilege escalation Moderate
CVE-2022-23708 was published for org.elasticsearch:elasticsearch (Maven) Mar 4, 2022
Improper privilege management in elasticsearch Moderate
CVE-2020-7019 was published for org.elasticsearch:elasticsearch (Maven) May 24, 2022
westonsteimel
Credited to westonsteimel
Privilege escalation in Strongbox Moderate
GHSA-mhgm-52vg-pvvc was published for com.schibsted.security:strongbox-sdk (Maven) Feb 16, 2023
tdunlap607
Credited to tdunlap607
Apiman vulnerable to permissions bypass due to missing check on API key URL Moderate
CVE-2023-28640 was published for io.apiman:apiman-manager-api-rest-impl (Maven) Mar 27, 2023
volkflo
Credited to volkflo
Improper Privilege Management in Apache Sling Moderate
CVE-2023-25621 was published for org.apache.sling:org.apache.sling.i18n (Maven) Feb 23, 2023
Improper Privilege Management in X-Pack Moderate
CVE-2017-8446 was published for org.elasticsearch.plugin:x-pack (Maven) May 13, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials Moderate
CVE-2022-23117 was published for org.conjur.jenkins:conjur-credentials (Maven) Jan 13, 2022
NotMyFault
Credited to NotMyFault
Improper Access Control in infinispan-server-runtime Moderate
CVE-2020-25711 was published for org.infinispan:infinispan-core (Maven) Feb 9, 2022
Privilege Escalation Flaw in Elasticsearch Moderate
CVE-2020-7014 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code Moderate
CVE-2021-21430 was published for org.openapitools:openapi-generator (Maven) May 11, 2021
JLLeitschuh
Credited to JLLeitschuh
Improper Privilege Management in craftercms Moderate
CVE-2021-23265 was published for org.craftercms:craftercms (Maven) May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database