Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,145
NuGet
735
pip
3,947
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,500 advisories

Loading
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak Moderate
GHSA-qvqg-6rp8-4p9h was published for github.com/ipfs/kubo (Go) May 11, 2023
Jorropo
Kubernetes vulnerable to path traversal Moderate
CVE-2022-3162 was published for github.com/kubernetes/kubernetes (Go) Mar 1, 2023
CubeFS allows Kubernetes cluster-level privilege escalation Moderate
CVE-2023-30512 was published for github.com/cubefs/cubefs (Go) Apr 12, 2023
Tarslip in go-unarr Critical
CVE-2021-38197 was published for github.com/gen2brain/go-unarr (Go) Sep 1, 2021
J3rry-1729
Authorization Policy Bypass Due to Case Insensitive Host Comparison High
CVE-2021-39155 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu avivdolev
tdunlap607
Disputed: OS Command injection in github.com/kardianos/service High
CVE-2022-29583 was published for github.com/kardianos/service (Go) Apr 23, 2022 withdrawn
masinger
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File Moderate
CVE-2023-0620 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
oxeye-daniel
HashiCorp Vault's PKI mount vulnerable to denial of service Moderate
CVE-2023-0665 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
Kyverno vulnerable due to usage of insecure cipher Moderate
GHSA-hgv6-w7r3-w4qw was published for github.com/kyverno/kyverno (Go) May 30, 2023
abhilashbs1981
HashiCorp Nomad vulnerable to non-sensitive metadata exposure Moderate
CVE-2022-3866 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607
Out-of-bounds read in Apache Thrift High
CVE-2019-0210 was published for github.com/apache/thrift (Go) May 18, 2021
Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt Low
GHSA-qfc5-6r3j-jj22 was published for github.com/cosmos/cosmos-sdk (Go) Jun 2, 2023
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability Low
GHSA-7c94-gvvj-r3mg was published for github.com/cheqd/cheqd-node (Go) Jun 5, 2023
Cilium eBPF filters may be temporarily removed during agent restart Moderate
CVE-2023-27595 was published for github.com/cilium/cilium (Go) Mar 17, 2023
ldelossa ti-mo
aanm
HashiCorp Consul Cross-site Scripting vulnerability Moderate
CVE-2020-25864 was published for github.com/hashicorp/consul (Go) May 24, 2022
HashiCorp Consul vulnerable to Origin Validation Error High
CVE-2019-9764 was published for github.com/hashicorp/consul (Go) May 13, 2022
HashiCorp Consul can use cleartext agent-to-agent RPC communication Moderate
CVE-2018-19653 was published for github.com/hashicorp/consul (Go) May 14, 2022
cheqd-node subject to Cosmos SDK "Barberry" vulnerability High
GHSA-8qxh-2gh8-r923 was published for github.com/cheqd/cheqd-node (Go) Jun 12, 2023
Grafana has Broken Access Control in Alert manager: Viewer can send test alerts Moderate
CVE-2023-2183 was published for github.com/grafana/grafana (Go) Jun 12, 2023
sebob
otelhttp and otelbeego have DoS vulnerability for high cardinality metrics High
CVE-2023-25151 was published for go.opentelemetry.io/contrib/instrumentation/github.com/astaxie/beego/otelbeego (Go) Feb 8, 2023
Kraken has arbitrary file read vulnerability via component testfs High
CVE-2022-47747 was published for github.com/uber/kraken (Go) Jan 20, 2023
Command injection in Git package in Wrangler High
CVE-2022-31249 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
cokeBeer aruneko
tdunlap607
Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2 Moderate
GHSA-4xgv-j62q-h3rj was published for github.com/pion/dtls (Go) Feb 7, 2023
Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2 Moderate
GHSA-hxp2-xqf3-v83h was published for github.com/pion/dtls (Go) Feb 7, 2023
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks Moderate
CVE-2023-25000 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database