Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

900 advisories

Loading
HTTP/2 rapid reset can cause excessive work in net/http High
CVE-2023-39325 was published for golang.org/x/net (Go) Oct 11, 2023
kOps privilege escalation vulnerability High
CVE-2023-1943 was published for k8s.io/kops (Go) Oct 12, 2023
OpenTelemetry-Go Contrib vulnerable to denial of service in otelhttp due to unbound cardinality metrics High
CVE-2023-45142 was published for go.opentelemetry.io/contrib/instrumentation/github.com/emicklei/go-restful/otelrestful (Go) Oct 16, 2023
programmer04 MadVikingGod
arminru pellared
Go Fiber CSRF Token Validation Vulnerability High
CVE-2023-45141 was published for github.com/gofiber/fiber/v2 (Go) Oct 17, 2023
sixcolors ReneWerner87
gaby rosenblueh
github.com/kumahq/kuma affected by CVE-2023-44487 High
GHSA-9wmc-rg4h-28wv was published for github.com/kumahq/kuma (Go) Oct 17, 2023
Cross-site Scripting via missing Binding syntax validation High
CVE-2023-45683 was published for github.com/crewjam/saml (Go) Oct 17, 2023
anaximand3r
go-ethereum vulnerable to denial of service via crafted GraphQL query High
CVE-2023-42319 was published for github.com/ethereum/go-ethereum (Go) Oct 18, 2023
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability High
CVE-2023-43800 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
Arduino Create Agent path traversal - local privilege escalation vulnerability High
CVE-2023-43802 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
OpenFGA DoS vulnerability High
CVE-2023-45810 was published for github.com/openfga/openfga (Go) Oct 18, 2023
KlausVii
NATS.io: Adding accounts for just the system account adds auth bypass High
CVE-2023-47090 was published for github.com/nats-io/nats-server/v2 (Go) Oct 19, 2023
Artifact Hub arbitrary file read vulnerability High
CVE-2023-45823 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
free5GC udm vulnerable to Invalid Curve Attack High
CVE-2023-46324 was published for github.com/free5gc/udm (Go) Oct 23, 2023
gRPC-Go HTTP/2 Rapid Reset vulnerability High
GHSA-m425-mq94-257g was published for google.golang.org/grpc (Go) Oct 25, 2023
atgreen
Ingress-nginx path sanitization can be bypassed High
CVE-2022-4886 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
Ingress nginx annotation injection causes arbitrary command execution High
CVE-2023-5043 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation High
CVE-2023-5044 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
joshbressers
Cosmos packet-forward-middleware vulnerable to chain-halt High
GHSA-w6rp-vxj2-fjhr was published for github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4 (Go) Oct 26, 2023
quic-go vulnerable to pointer dereference that can lead to panic High
CVE-2023-46239 was published for github.com/quic-go/quic-go (Go) Oct 30, 2023
xkeys seal encryption used fixed key for all encryption High
CVE-2023-46129 was published for github.com/nats-io/nats-server/v2 (Go) Oct 31, 2023
tinou98
Kubernetes privilege escalation vulnerability High
CVE-2023-3955 was published for k8s.io/kubernetes (Go) Oct 31, 2023
Kubernetes privilege escalation vulnerability High
CVE-2023-3676 was published for k8s.io/kubernetes (Go) Oct 31, 2023
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation High
CVE-2023-3893 was published for github.com/kubernetes-csi/csi-proxy (Go) Nov 3, 2023
Calico Typha denial of service vulnerability High
CVE-2023-41378 was published for github.com/projectcalico/calico (Go) Nov 6, 2023
ZITADEL race condition in lockout policy execution High
CVE-2023-47111 was published for github.com/zitadel/zitadel (Go) Nov 8, 2023
itz-d0dgy livio-a
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database