GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,494 advisories

Gitea Missing Authorization vulnerability High
CVE-2022-0905 was published for code.gitea.io/gitea (Go) Mar 11, 2022
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
SSRF in repository migration Moderate
CVE-2022-0870 was published for gogs.io/gogs (Go) Mar 12, 2022
Cross-site Scripting in Alist Moderate
CVE-2022-26533 was published for github.com/Xhofe/alist (Go) Mar 13, 2022
SSRF in repository migration Moderate
GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) Mar 14, 2022
michaellrowley
Gogs vulnerable to improper PAM authorization handling High
CVE-2022-0871 was published for gogs.io/gogs (Go) Mar 14, 2022
ysf
Sysctls applied to containers with host IPC or host network namespaces can affect the host Moderate
GHSA-w2j5-3rcx-vx7x was published for github.com/cri-o/cri-o (Go) Mar 15, 2022
haircommander
Code Injection in CRI-O High
CVE-2022-0811 was published for github.com/cri-o/cri-o (Go) Mar 15, 2022
Path Traversal in Gitea Moderate
CVE-2021-29134 was published for code.gitea.io/gitea (Go) Mar 16, 2022
Path traversal in github.com/valyala/fasthttp High
CVE-2022-21221 was published for github.com/valyala/fasthttp (Go) Mar 18, 2022
Denial of service in go-ethereum High
CVE-2021-42219 was published for github.com/ethereum/go-ethereum (Go) Mar 18, 2022
golang.org/x/crypto/ssh Denial of service via crafted Signer High
CVE-2022-27191 was published for golang.org/x/crypto (Go) Mar 19, 2022
westonsteimel
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server High
CVE-2022-24730 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt jessesuen
Path traversal allows leaking out-of-bound files from Argo CD repo-server Moderate
CVE-2022-24731 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt
Improper access control allows admin privilege escalation in Argo CD Critical
CVE-2022-24768 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
Gitea Open Redirect Moderate
CVE-2022-1058 was published for code.gitea.io/gitea (Go) Mar 25, 2022
SQLinjection in falcon-plus Critical
CVE-2022-26245 was published for github.com/open-falcon/falcon-plus (Go) Mar 28, 2022
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
Incorrect Authorization in imgcrypt High
CVE-2022-24778 was published for github.com/containerd/imgcrypt (Go) Mar 28, 2022
dimitar-dimitrow
Improper Input Validation in GoGo Protobuf High
CVE-2021-3121 was published for github.com/gogo/protobuf (Go) Mar 28, 2022
Non-empty default inheritable capabilities for linux container in Buildah Moderate
CVE-2022-27651 was published for github.com/containers/buildah (Go) Apr 1, 2022
AndrewGMorgan
Command Injection Vulnerability with Mercurial in VCS Critical
CVE-2022-21235 was published for github.com/Masterminds/vcs (Go) Apr 1, 2022
dellalibera
Podman's default inheritable capabilities for linux container not empty High
CVE-2022-27649 was published for github.com/containers/podman/v4 (Go) Apr 1, 2022
AndrewGMorgan
Opened exploitable ports in default docker-compose.yaml in go-ipfs Moderate
GHSA-fx5p-f64h-93xc was published for github.com/ipfs/go-ipfs (Go) Apr 4, 2022
Winterhuman
Access control bypass in Beego High
CVE-2021-30080 was published for github.com/beego/beego (Go) Apr 6, 2022