Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,500 advisories

Loading
Nomad Job Submitter Privilege Escalation Using Workload Identity High
CVE-2023-1299 was published for github.com/hashicorp/nomad (Go) Mar 14, 2023
cilium-agent container can access the host via `hostPath` mount Moderate
CVE-2023-27593 was published for github.com/cilium/cilium (Go) Mar 17, 2023
tasoskoutlis-f3 daniel-f3
mag-ocz
cloudflared's Installer has Local Privilege Escalation Vulnerability High
CVE-2023-1314 was published for github.com/cloudflare/cloudflared (Go) Mar 21, 2023
`cilium-cli` disables etcd authorization for clustermesh clusters Moderate
CVE-2023-28114 was published for github.com/cilium/cilium-cli (Go) Mar 21, 2023
giorio94
crewjam/saml vulnerable to Denial Of Service Via Deflate Decompression Bomb High
CVE-2023-28119 was published for github.com/crewjam/saml (Go) Mar 22, 2023
nszetei
Answer has Observable Timing Discrepancy Moderate
CVE-2023-1538 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Authentication Bypass by Capture-replay Critical
CVE-2023-1537 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-1536 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Ansible Semaphore mishandles authentication Critical
CVE-2023-28609 was published for github.com/ansible-semaphore/semaphore (Go) Mar 18, 2023
Answer vulnerable to Insufficient Session Expiration High
CVE-2023-1543 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer has Observable Response Discrepancy Moderate
CVE-2023-1540 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Answer vulnerable to Stored Cross-site Scripting Moderate
CVE-2023-1535 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Grafana Stored Cross-site Scripting in Graphite FunctionDescription tooltip Moderate
CVE-2023-1410 was published for github.com/grafana/grafana (Go) Mar 23, 2023
renniepak
Non-interactive Tailscale SSH sessions on FreeBSD may use the effective group ID of the tailscaled process Moderate
CVE-2023-28436 was published for tailscale.com (Go) Mar 23, 2023
rmb938
Answer vulnerable to Business Logic Errors Moderate
CVE-2023-1542 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Potential network policy bypass when routing IPv6 traffic Moderate
CVE-2023-27594 was published for github.com/cilium/cilium (Go) Mar 17, 2023
ysksuzuki
Mattermost subject to Denial of Service via upload of special GIF Moderate
CVE-2022-3257 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 25, 2022
hod-alpert
Answer vulnerable to Business Logic Errors Low
CVE-2023-1541 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Grafana Cross-site Scripting vulnerability Moderate
CVE-2019-13068 was published for github.com/grafana/grafana (Go) May 24, 2022
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs High
CVE-2021-30465 was published for github.com/opencontainers/runc (Go) May 25, 2021
champtar
Default inheritable capabilities for linux container should be empty Moderate
CVE-2022-29162 was published for github.com/opencontainers/runc (Go) May 24, 2022
AndrewGMorgan
On a compromised node, the virt-handler service account can be used to modify all node specs High
CVE-2023-26484 was published for kubevirt.io/kubevirt (Go) Mar 16, 2023
younaman XDTG
Gophish vulnerable to Cross-site Scripting via crafted landing page Moderate
CVE-2022-45004 was published for github.com/gophish/gophish (Go) Mar 22, 2023
Cross-site Scripting in github.com/schollz/rwtxt Moderate
CVE-2021-20848 was published for github.com/schollz/rwtxt (Go) Nov 29, 2021
tdunlap607
etcd user credentials are stored in WAL logs in plaintext Low
GHSA-528j-9r78-wffx was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database