Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,493 advisories

Loading
Command injection in github.com/google/fscrypt Moderate
CVE-2022-25328 was published for github.com/google/fscrypt (Go) Feb 26, 2022
Use of a Key Past its Expiration Date and Insufficient Session Expiration in Maddy Mail Server Moderate
CVE-2022-24732 was published for github.com/foxcpp/maddy (Go) Mar 7, 2022
ysf
Code injection in Stripe CLI on windows High
CVE-2022-24753 was published for github.com/stripe/stripe-cli (Go) Mar 10, 2022
Arbitrary file write in nats-server High
CVE-2022-26652 was published for github.com/nats-io/nats-server/v2 (Go) Mar 10, 2022
Authorization bypass in Openshift Critical
CVE-2016-1906 was published for github.com/openshift/origin (Go) Dec 20, 2021
act vulnerable to arbitrary file upload in artifact server High
CVE-2023-22726 was published for github.com/nektos/act (Go) Jan 20, 2023
Path traversal in claircore High
CVE-2021-3762 was published for github.com/quay/claircore (Go) Mar 4, 2022
Unsafe tar unpacking in HashiCorp go-slug High
CVE-2020-29529 was published for github.com/hashicorp/go-slug (Go) Feb 6, 2023
Improper Validation of Array Index in GJSON High
CVE-2020-36067 was published for github.com/tidwall/gjson (Go) Feb 6, 2023
Rancher cattle-token is predictable High
CVE-2022-43755 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster High
CVE-2022-21953 was published for github.com/rancher/rancher (Go) Jan 25, 2023
JWT audience claim is not verified Critical
CVE-2023-22482 was published for github.com/argoproj/argo-cd (Go) Jan 25, 2023
farcaller
Websocket requests did not call AuthenticateMethod Moderate
GHSA-5gjg-jgh4-gppm was published for github.com/ecnepsnai/web (Go) Jun 23, 2021
JSON-Patch Out-of-bounds Write vulnerability High
CVE-2018-14632 was published for github.com/evanphx/json-patch (Go) May 13, 2022
golang.org/x/net/http2 allows uncontrolled memory consumption High
CVE-2021-44716 was published for golang.org/x/net/http2 (Go) Jan 2, 2022
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following High
CVE-2023-25152 was published for github.com/pterodactyl/wings (Go) Feb 8, 2023
astro-angelfish
OCI Manifest Type Confusion Issue Low
GHSA-qq97-vm5h-rrhg was published for github.com/docker/distribution (Go) Feb 8, 2022
samuelkarp
Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification High
CVE-2022-2990 was published for github.com/containers/buildah (Go) Sep 14, 2022
crewjam/saml vulnerable to signature bypass via multiple Assertion elements due to improper authentication Critical
CVE-2022-41912 was published for github.com/crewjam/saml (Go) Nov 29, 2022
gosqljson SQL Injection vulnerability Critical
CVE-2014-125064 was published for github.com/elgs/gosqljson (Go) Jan 7, 2023
Excessive Platform Resource Consumption within a Loop in Kubernetes Moderate
CVE-2019-11254 was published for github.com/go-yaml/yaml (Go) Dec 20, 2021
CRLF vulnerability in Fiber Moderate
CVE-2020-15111 was published for github.com/gofiber/fiber (Go) Jun 29, 2021
hsblhsn abdshaleh
Denial of Service in graphql-go Moderate
CVE-2022-21708 was published for github.com/graph-gophers/graphql-go (Go) Jan 27, 2022
jupenur
Insertion of Sensitive Information into Log File in Hashicorp go-getter Moderate
CVE-2022-29810 was published for github.com/hashicorp/go-getter (Go) Apr 28, 2022
jhutchings1
HashiCorp go-getter command injection Critical
CVE-2022-26945 was published for github.com/hashicorp/go-getter (Go) May 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database