GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,499
Maven
5,000+
npm
4,142
NuGet
735
pip
3,945
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+
902 advisories
Filter by severity
Macaron csrf missing encryption and has sensitive cookies in HTTP session without secure attribute
High
CVE-2018-25060
was published
for
github.com/go-macaron/csrf
(Go)
Dec 30, 2022
usememos/memos Cross-Site Request Forgery vulnerability
High
CVE-2022-4844
was published
for
github.com/usememos/memos
(Go)
Dec 29, 2022
Yapscan's report receiver server vulnerable to path traversal and log injection
High
GHSA-9h6h-9g78-86f7
was published
for
github.com/fkie-cad/yapscan
(Go)
Dec 29, 2022
usememos/memos Improper Privilege Management vulnerability
High
CVE-2022-4808
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Access Control vulnerability
High
CVE-2022-4809
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Access Control vulnerability
High
CVE-2022-4803
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos makes Incorrect Use of Privileged APIs
High
CVE-2022-4796
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
shiyanhui/dht vulnerable to Uncontrolled Resource Consumption
High
CVE-2020-36562
was published
for
github.com/shiyanhui/dht
(Go)
Dec 28, 2022
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs
High
CVE-2022-3346
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
go-resolver's DNSSEC validation not performed correctly
High
CVE-2022-3347
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
Golf may allow attacker to bypass CSRF protections due to weak PRNG
High
CVE-2016-15005
was published
for
github.com/dinever/golf
(Go)
Dec 28, 2022
go-codec-dagpb vulnerable to panic when decoding invalid blocks
High
CVE-2022-2584
was published
for
github.com/ipld/go-codec-dagpb
(Go)
Dec 28, 2022
Noise vulnerable to denial of service
High
CVE-2021-4239
was published
for
github.com/flynn/noise
(Go)
Dec 28, 2022
Tendermint Client package vulnerable to Uncontrolled Resource Consumption
High
CVE-2019-25072
was published
for
github.com/tendermint/tendermint
(Go)
Dec 28, 2022
nosurf vulnerable to improper input validation
High
CVE-2020-36564
was published
for
github.com/justinas/nosurf
(Go)
Dec 28, 2022
Goa vulnerable to path traversal
High
CVE-2019-25073
was published
for
github.com/goadesign/goa
(Go)
Dec 28, 2022
socks Infinite Loop vulnerability
High
CVE-2013-10005
was published
for
github.com/btcsuite/go-socks
(Go)
Dec 28, 2022
ahh vulnerable to Path Traversal
High
CVE-2020-36559
was published
for
aahframe.work
(Go)
Dec 28, 2022
robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison
High
CVE-2015-10004
was published
for
github.com/robbert229/jwt
(Go)
Dec 28, 2022
yaml package for Go can consume excessive amounts of CPU or memory
High
CVE-2022-3064
was published
for
gopkg.in/yaml.v2
(Go)
Dec 28, 2022
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines
High
CVE-2020-36567
was published
for
github.com/gin-gonic/gin
(Go)
Dec 27, 2022
usememos/memos Denial of Service vulnerability
High
CVE-2022-4767
was published
for
github.com/usememos/memos
(Go)
Dec 27, 2022
golang.org/x/text/language Out-of-bounds Read vulnerability
High
CVE-2021-38561
was published
for
golang.org/x/text
(Go)
Dec 26, 2022
usememos/memos vulnerable to improper authorization
High
CVE-2022-4688
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
usememos/memos Improper Access Control vulnerability
High
CVE-2022-4684
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
ProTip!
Advisories are also available from the
GraphQL API