Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,500 advisories

Loading
Juju uses a UNIX domain socket without setting appropriate permissions Critical
CVE-2017-9232 was published for github.com/juju/juju (Go) May 13, 2022
GitHub Git LFS Arbitrary command execution vulnerability High
CVE-2017-17831 was published for github.com/git-lfs/git-lfs (Go) May 14, 2022
Singularity Incorrect Access Control Moderate
CVE-2018-12021 was published for github.com/hpcng/singularity (Go) May 14, 2022
github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error Moderate
CVE-2018-20744 was published for github.com/gofiber/fiber/v2 (Go) May 14, 2022
Helm Path Traversal Moderate
CVE-2019-1000008 was published for helm.sh/helm (Go) May 14, 2022
HashiCorp Consul can use cleartext agent-to-agent RPC communication Moderate
CVE-2018-19653 was published for github.com/hashicorp/consul (Go) May 14, 2022
Gogs Directory Traversal High
CVE-2018-20303 was published for gogs.io/gogs (Go) May 14, 2022
Caddy allows enumeration of Certificates and Hostnames Low
CVE-2018-19148 was published for github.com/caddyserver/caddy (Go) May 14, 2022
Sylabs Singularity Improper Input Validation High
CVE-2018-19295 was published for github.com/sylabs/singularity (Go) May 14, 2022
Grafana XSS Vulnerability Moderate
CVE-2018-1000816 was published for github.com/grafana/grafana (Go) May 14, 2022
Gogs XSS Vulnerability Moderate
CVE-2018-17031 was published for gogs.io/gogs (Go) May 14, 2022
Gogs and Gitea SSRF Vulnerability High
CVE-2018-15192 was published for code.gitea.io/gitea (Go) May 14, 2022
Go Ethereum LES protocol implementation vulnerable to Denial of Service High
CVE-2018-12018 was published for github.com/ethereum/go-ethereum (Go) May 14, 2022
Docker Notary Signature Algorithm Not Matched to Key vulnerability High
CVE-2015-9258 was published for github.com/docker/notary (Go) May 14, 2022
HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG Critical
CVE-2018-9057 was published for github.com/hashicorp/terraform-provider-aws (Go) May 14, 2022
iann0036
Syncthing vulnerable to symlink traversal and arbitrary file overwrite High
CVE-2017-1000420 was published for github.com/syncthing/syncthing (Go) May 14, 2022
Improper kubeconfig validation allows arbitrary code execution Critical
CVE-2022-24817 was published for github.com/fluxcd/flux2 (Go) May 16, 2022
pjbgf
Shell command injection in gitea High
CVE-2022-30781 was published for code.gitea.io/gitea (Go) May 17, 2022
tar-split memory exhaustion Moderate
CVE-2017-14992 was published for github.com/vbatts/tar-split (Go) May 17, 2022
HashiCorp Vault improper configuration of multi factor authentication Moderate
CVE-2022-30689 was published for github.com/hashicorp/vault (Go) May 18, 2022
Duplicate advisory: Configuration exposure in github.com/coreos/ignition Moderate
GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go) May 18, 2022 withdrawn
gopkg.in/yaml.v3 Denial of Service High
CVE-2022-28948 was published for gopkg.in/yaml.v3 (Go) May 20, 2022
fourdim thediveo
n-bes
Out of bounds memory access in github.com/open-policy-agent/opa High
CVE-2022-28946 was published for github.com/open-policy-agent/opa (Go) May 20, 2022
Improper path handling in Kustomization files allows for denial of service High
CVE-2022-24878 was published for github.com/fluxcd/flux2 (Go) May 20, 2022
hiddeco
Access control bypass in beego Critical
CVE-2022-31259 was published for github.com/beego/beego (Go) May 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database