GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,493 advisories
Privilege escalation in Hashicorp Nomad
High: CVE-2021-37218 was published for github.com/hashicorp/nomad (Go) on Sep 8, 2021

Improper Authentication
High: CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) on Sep 2, 2021

Incorrect Authorization in HashiCorp Consul
Moderate: CVE-2020-7955 was published for github.com/hashicorp/consul (Go) on Jul 28, 2021

Incorrect Privilege Assignment in HashiCorp Vault
High: CVE-2021-42135 was published for github.com/hashicorp/vault (Go) on Oct 12, 2021

Broken encryption in EdgeX Foundry
Moderate: CVE-2021-41278 was published for github.com/edgexfoundry/app-functions-sdk-go (Go) on Nov 19, 2021

Clarify Content-Type handling
Low: CVE-2021-41190 was published for github.com/opencontainers/distribution-spec (Go) on Nov 18, 2021

HTTP Request Smuggling in github.com/hyperledger/fabric
High: CVE-2021-43669 was published for github.com/hyperledger/fabric (Go) on Dec 3, 2021

Confused Deputy in Kubernetes
Moderate: CVE-2020-8561 was published for k8s.io/kubernetes (Go) on Sep 21, 2021

Confused Deputy in Kubernetes
Low: CVE-2021-25740 was published for k8s.io/kubernetes (Go) on Sep 21, 2021

Email relay in Apache Traffic Control
Moderate: CVE-2021-42009 was published for github.com/apache/trafficcontrol (Go) on Oct 13, 2021

Authz Module Non-Determinism
Moderate: CVE-2021-41135 was published for github.com/cosmos/cosmos-sdk (Go) on Oct 21, 2021

Incorrect handling of H2 GOAWAY + SETTINGS frames
High: CVE-2021-39162 was published for github.com/pomerium/pomerium (Go) on Sep 10, 2021

Incomplete List of Disallowed Inputs in Kubernetes
Moderate: CVE-2021-25737 was published for k8s.io/kubernetes (Go) on Sep 7, 2021

Cross-site Scripting in Gitea
Moderate: CVE-2021-28378 was published for code.gitea.io/gitea (Go) on Sep 27, 2021

Privilege escalation to cluster admin on multi-tenant environments
High: CVE-2021-41254 was published for github.com/fluxcd/kustomize-controller (Go) on Nov 15, 2021

Files or Directories Accessible to External Parties in kubernetes
High: CVE-2021-25741 was published for k8s.io/kubernetes (Go) on Nov 1, 2021

Authentication bypass issue in the Operator Console
High: CVE-2021-41266 was published for github.com/minio/console (Go) on Nov 15, 2021

Improper Authentication in HashiCorp Nomad
High: CVE-2021-43415 was published for github.com/hashicorp/nomad (Go) on Dec 10, 2021

Instance config inline secret exposure in Grafana
Moderate: CVE-2021-41090 was published for github.com/grafana/agent (Go) on Dec 8, 2021

Unsafe inline XSS in pasting DOM element into chat
High: CVE-2021-39183 was published for github.com/owncast/owncast (Go) on Dec 14, 2021

Server-Side Request Forgery in gogs webhook
High: CVE-2022-1285 was published for gogs.io/gogs (Go) on Jun 3, 2022

usememos/memos vulnerable to stored Cross-site Scripting
Moderate: CVE-2022-4695 was published for github.com/usememos/memos (Go) on Dec 27, 2022

usememos/memos Cross-Site Request Forgery vulnerability
Moderate: CVE-2022-4846 was published for github.com/usememos/memos (Go) on Dec 29, 2022

usememos/memos Cross-Site Request Forgery vulnerability
Moderate: CVE-2022-4850 was published for github.com/usememos/memos (Go) on Dec 29, 2022

usememos/memos Improper Privilege Management vulnerability
High: CVE-2022-4808 was published for github.com/usememos/memos (Go) on Dec 28, 2022

ProTip! Advisories are also available from the GraphQL API