GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,134 advisories
Answer vulnerable to Business Logic Errors
Moderate: CVE-2023-1542 was published for github.com/answerdev/answer (Go), Mar 21, 2023

Answer has Guessable CAPTCHA
Moderate: CVE-2023-1539 was published for github.com/answerdev/answer (Go), Mar 21, 2023

imgproxy Cross-site Scripting vulnerability
Moderate: CVE-2023-1496 was published for github.com/imgproxy/imgproxy/v3 (Go), Mar 19, 2023

Cilium eBPF filters may be temporarily removed during agent restart
Moderate: CVE-2023-27595 was published for github.com/cilium/cilium (Go), Mar 17, 2023

Potential network policy bypass when routing IPv6 traffic
Moderate: CVE-2023-27594 was published for github.com/cilium/cilium (Go), Mar 17, 2023

cilium-agent container can access the host via `hostPath` mount
Moderate: CVE-2023-27593 was published for github.com/cilium/cilium (Go), Mar 17, 2023

Authorization Bypass Through User-Controlled Key play-with-docker
Moderate: CVE-2023-28109 was published for github.com/play-with-docker/play-with-docker (Go), Mar 17, 2023

Authelia allows open redirects on the logout endpoint
Moderate: CVE-2021-29456 was published for github.com/authelia/authelia/v4 (Go), Mar 16, 2023

fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
Moderate: CVE-2023-27483 was published for github.com/crossplane/crossplane-runtime (Go), Mar 13, 2023

Crossplane-runtime contains Improper Input Validation via Compositions
Moderate: CVE-2023-27484 was published for github.com/crossplane/crossplane (Go), Mar 10, 2023

Consul Server Panic when Ingress and API Gateways Configured with Peering Connections
Moderate: CVE-2023-0845 was published for github.com/hashicorp/consul (Go), Mar 9, 2023

Buildkit credentials inlined to Git URLs could end up in provenance attestation
Moderate: CVE-2023-26054 was published for github.com/moby/buildkit (Go), Mar 7, 2023

Answer vulnerable to Cross-site Scripting
Moderate: CVE-2023-1242 was published for github.com/answerdev/answer (Go), Mar 7, 2023

Answer vulnerable to Cross-site Scripting
Moderate: CVE-2023-1243 was published for github.com/answerdev/answer (Go), Mar 7, 2023

Answer vulnerable to Cross-site Scripting
Moderate: CVE-2023-1239 was published for github.com/answerdev/answer (Go), Mar 7, 2023

Answer vulnerable to Cross-site Scripting
Moderate: CVE-2023-1237 was published for github.com/answerdev/answer (Go), Mar 7, 2023

Answer vulnerable to Cross-site Scripting
Moderate: CVE-2023-1241 was published for github.com/answerdev/answer (Go), Mar 7, 2023

Answer vulnerable to Cross-site Scripting
Moderate: CVE-2023-1240 was published for github.com/answerdev/answer (Go), Mar 7, 2023

Answer vulnerable to Cross-site Scripting
Moderate: CVE-2023-1238 was published for github.com/answerdev/answer (Go), Mar 7, 2023

Answer vulnerable to Cross-site Scripting
Moderate: CVE-2023-1244 was published for github.com/answerdev/answer (Go), Mar 7, 2023

Answer vulnerable to Cross-site Scripting
Moderate: CVE-2023-1245 was published for github.com/answerdev/answer (Go), Mar 7, 2023

coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
Moderate: CVE-2022-2835 was published for github.com/coredns/coredns (Go), Mar 3, 2023

coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints
Moderate: CVE-2022-2837 was published for github.com/coredns/coredns (Go), Mar 3, 2023

gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb
Moderate: CVE-2023-26483 was published for github.com/russellhaering/gosaml2 (Go), Mar 2, 2023

Kubernetes vulnerable to path traversal
Moderate: CVE-2022-3162 was published for github.com/kubernetes/kubernetes (Go), Mar 1, 2023
ProTip! Advisories are also available from the GraphQL API.