GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,134 advisories

lakeFS vulnerable to Arbitrary JavaScript Injection via Direct Link to HTML Files Moderate
GHSA-9phh-r37v-34wh was published for github.com/treeverse/lakefs (Go) Aug 14, 2023
Mattermost fails to sanitize post metadata Moderate
CVE-2023-4108 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Mattermost fails to check if user is a guest before performing actions on public playbooks Moderate
CVE-2023-4106 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Mattermost does not validate requesting user permissions before updating admin details Moderate
CVE-2023-4107 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
1Panel Arbitrary File Download vulnerability Moderate
CVE-2023-39965 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
Blst has logical error in SigValidate in Go bindings Moderate
GHSA-8c37-7qx3-4c4p was published for github.com/supranational/blst (Go) Aug 9, 2023
Gitea erroneous repo clones Moderate
CVE-2022-38795 was published for code.gitea.io/gitea (Go) Aug 7, 2023
Answer has Race Condition within a Thread Moderate
CVE-2023-4127 was published for github.com/answerdev/answer (Go) Aug 3, 2023
Answer Insufficient Session Expiration vulnerability Moderate
CVE-2023-4126 was published for github.com/answerdev/answer (Go) Aug 3, 2023
Improper rendering of text nodes in golang.org/x/net/html Moderate
CVE-2023-3978 was published for golang.org/x/net (Go) Aug 2, 2023
Golang TIFF decoder does not place a limit on the size of compressed tile data Moderate
CVE-2023-29408 was published for golang.org/x/image (Go) Aug 2, 2023
Golang TIFF decoder vulnerable to excessive CPU consumption Moderate
CVE-2023-29407 was published for golang.org/x/image (Go) Aug 2, 2023
HashiCorp Vault and Vault Enterprise vulnerable to user enumeration Moderate
CVE-2023-3462 was published for github.com/hashicorp/vault (Go) Aug 1, 2023
Ineffective privileges drop when requesting container network Moderate
CVE-2023-38496 was published for github.com/apptainer/apptainer (Go) Jul 25, 2023
KubePi may leak password hash of any user Moderate
CVE-2023-37916 was published for github.com/KubeOperator/kubepi (Go) Jul 21, 2023
Dapr API token authentication bypass in HTTP endpoints Moderate
CVE-2023-37918 was published for github.com/dapr/dapr (Go) Jul 21, 2023
Nomad Search API Leaks Information About CSI Plugins Moderate
CVE-2023-3300 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
Nomad ACL Policies without Label are Applied to Unexpected Resources Moderate
CVE-2023-3072 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
Tokenizer vulnerable to client brute-force of token secrets Moderate
GHSA-f28g-86hc-823q was published for github.com/superfly/tokenizer (Go) Jul 13, 2023
iprange may panic when parsing ranges with invalid masks Moderate
GHSA-f99h-w337-mv56 was published for github.com/malfunkt/iprange (Go) Jul 12, 2023
A stored XSS in jaeger UI might allow an attacker who controls a trace to perform arbitrary jaeger queries Moderate
GHSA-2w8w-qhg4-f78j was published for github.com/jaegertracing/jaeger (Go) Jul 11, 2023
Barberry Security Advisory - regarding x/auth periodic vesting accounts Moderate
GHSA-j2cr-jc39-wpx5 was published for github.com/cosmos/cosmos-sdk (Go) Jul 7, 2023
Hashicorp Nomad ACLs Cannot Deny Access to Workload’s Own Variables Moderate
CVE-2023-1296 was published for github.com/hashicorp/nomad (Go) Jul 6, 2023
HashiCorp Vault's revocation list not respected Moderate
CVE-2022-41316 was published for github.com/hashicorp/vault (Go) Jul 6, 2023
Zinc Cross-site Scripting vulnerability Moderate
CVE-2022-32171 was published for github.com/zinclabs/zinc (Go) Jul 6, 2023