GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+
900 advisories
Filter by severity
Go Ethereum LES protocol implementation vulnerable to Denial of Service
High
CVE-2018-12018
was published
for
github.com/ethereum/go-ethereum
(Go)
May 14, 2022
Gogs and Gitea SSRF Vulnerability
High
CVE-2018-15192
was published
for
code.gitea.io/gitea
(Go)
May 14, 2022
Sylabs Singularity Improper Input Validation
High
CVE-2018-19295
was published
for
github.com/sylabs/singularity
(Go)
May 14, 2022
GitHub Git LFS Arbitrary command execution vulnerability
High
CVE-2017-17831
was published
for
github.com/git-lfs/git-lfs
(Go)
May 14, 2022
Minikube RCE via DNS Rebinding
High
CVE-2018-1002103
was published
for
k8s.io/minikube
(Go)
May 13, 2022
Podman Elevated Container Privileges
High
CVE-2018-10856
was published
for
github.com/containers/podman
(Go)
May 13, 2022
JSON-Patch Out-of-bounds Write vulnerability
High
CVE-2018-14632
was published
for
github.com/evanphx/json-patch
(Go)
May 13, 2022
golang.org/x/net/html Improper Validation of Array Index vulnerability
High
CVE-2018-17848
was published
for
golang.org/x/net
(Go)
May 13, 2022
Apache Thrift Go Library Command Injection
High
CVE-2016-5397
was published
for
github.com/apache/thrift
(Go)
May 13, 2022
HashiCorp Consul vulnerable to Origin Validation Error
High
CVE-2019-9764
was published
for
github.com/hashicorp/consul
(Go)
May 13, 2022
HashiCorp Consul Access Restriction Bypass
High
CVE-2019-8336
was published
for
github.com/hashicorp/consul
(Go)
May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
High
CVE-2018-17847
was published
for
golang.org/x/net
(Go)
May 13, 2022
golang.org/x/net/html NULL Pointer Dereference vulnerability
High
CVE-2018-17142
was published
for
golang.org/x/net
(Go)
May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
High
CVE-2018-17143
was published
for
golang.org/x/net
(Go)
May 13, 2022
golang.org/x/net/html NULL Pointer Dereference vulnerability
High
CVE-2018-17075
was published
for
golang.org/x/net
(Go)
May 13, 2022
Docker Registry has Allocation of Resources Without Limits or Throttling
High
CVE-2017-11468
was published
for
github.com/docker/distribution
(Go)
May 13, 2022
Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack
High
CVE-2017-7670
was published
for
github.com/apache/trafficcontrol
(Go)
May 13, 2022
Traefik Missing Authentication
High
CVE-2018-15598
was published
for
github.com/traefik/traefik
(Go)
May 13, 2022
protobuf susceptible to buffer overflow
High
CVE-2015-5237
was published
for
Google.Protobuf
(Composer)
May 13, 2022
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them
High
CVE-2019-6287
was published
for
github.com/rancher/rancher
(Go)
May 13, 2022
Rancher Access Control Vulnerability
High
CVE-2017-7297
was published
for
github.com/rancher/rancher
(Go)
May 13, 2022
Improper Input Validation in k8s.io/ingress-nginx
High
CVE-2021-25745
was published
for
k8s.io/ingress-nginx
(Go)
May 7, 2022
Arbitrary file deletion in gitea
High
CVE-2022-27313
was published
for
code.gitea.io/gitea
(Go)
May 4, 2022
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF)
High
CVE-2022-25850
was published
for
github.com/hoppscotch/proxyscotch
(Go)
May 3, 2022
ProTip!
Advisories are also available from the
GraphQL API