Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,499
Maven
5,000+
npm
4,141
NuGet
735
pip
3,945
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,499 advisories

Loading
Ambiguous OCI manifest parsing Low
GHSA-5j5w-g665-5m35 was published for github.com/containerd/containerd (Go) Nov 18, 2021
tdunlap607
usememos/memos Cross-Site Request Forgery vulnerability Moderate
CVE-2022-4849 was published for github.com/usememos/memos (Go) Dec 29, 2022
J3rry-1729
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc Low
CVE-2023-25809 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
AkihiroSuda
Velociraptor subject to Path Traversal Moderate
CVE-2023-0290 was published for www.velocidex.com/golang/velociraptor (Go) Jan 19, 2023
tdunlap607
User login denial of service in github.com/google/fscrypt Moderate
CVE-2022-25327 was published for github.com/google/fscrypt (Go) Feb 26, 2022
tdunlap607
HashiCorp Nomad vulnerable to Insufficient Session Expiration Low
CVE-2022-3867 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607
Yapscan's report receiver server vulnerable to path traversal and log injection High
GHSA-9h6h-9g78-86f7 was published for github.com/fkie-cad/yapscan (Go) Dec 29, 2022
tdunlap607
imgproxy Cross-site Scripting vulnerability Moderate
CVE-2023-1496 was published for github.com/imgproxy/imgproxy/v3 (Go) Mar 19, 2023
Duplicate Advisory: KubeVirt arbitrary host file read from the VM Moderate
CVE-2022-1798 was published for kubevirt.io/kubevirt (Go) Aug 18, 2022 withdrawn
0xdidu michaelkedar
Amazon CloudWatch Agent for Windows has Privilege Escalation Vector High
CVE-2022-23511 was published for github.com/aws/amazon-cloudwatch-agent (Go) Dec 12, 2022
andrewpollock
Cross-site Scripting in Mattermost Moderate
CVE-2021-37860 was published for github.com/mattermost/mattermost-server/v5 (Go) Sep 23, 2021
andrewpollock
HashiCorp Consul Privilege Escalation Vulnerability High
CVE-2021-37219 was published for github.com/hashicorp/consul (Go) Sep 8, 2021
tdunlap607
Answer has Guessable CAPTCHA Moderate
CVE-2023-1539 was published for github.com/answerdev/answer (Go) Mar 21, 2023
OpenShift Assisted Installer leaks image pull secrets as plaintext in installation logs Moderate
CVE-2021-3684 was published for github.com/openshift/assisted-installer (Go) Mar 24, 2023
Argo CD authenticated but unauthorized users may enumerate Application names via the API Moderate
CVE-2022-41354 was published for github.com/argoproj/argo-cd (Go) Mar 23, 2023
zhlu32
fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime Moderate
CVE-2023-27483 was published for github.com/crossplane/crossplane-runtime (Go) Mar 13, 2023
phisco AdamKorcz
DavidKorczynski
Cronos vulnerable to DoS through unintended Contract Selfdestruct High
GHSA-gwj5-wp6r-5q9f was published for github.com/crypto-org-chain/cronos (Go) Aug 11, 2022
yihuang tomtau
tdunlap607
Docker Swarm encrypted overlay network may be unauthenticated High
CVE-2023-28840 was published for github.com/docker/docker (Go) Apr 4, 2023
corhere quadespresso
cpuguy83 tianon neersighted laurazard akerouanton
studygolang vulnerable to cross-site scripting Moderate
CVE-2021-4272 was published for github.com/studygolang/studygolang (Go) Dec 21, 2022
andrewpollock
Answer contains Improper Access Control vulnerability Critical
CVE-2023-0744 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Mattermost vulnerable to cross-site scripting (XSS) Moderate
CVE-2023-1776 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Mattermost vulnerable to information disclosure Moderate
CVE-2023-1775 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Improper Access Control in github.com/treeverse/lakefs Moderate
GHSA-m836-gxwq-j2pm was published for github.com/treeverse/lakefs (Go) Oct 28, 2021
eden-ohana tdunlap607
Phachon mm-wiki vulnerable to stored cross-site scripting (XSS) Moderate
CVE-2020-19277 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023
Phachon mm-wiki Cross Site Request Forgery vulnerability High
CVE-2020-19278 was published for github.com/phachon/mm-wiki (Go) Apr 4, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database