GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,134 advisories

Kubernetes Sensitive Information leak via Log File Moderate
CVE-2020-8564 was published for github.com/kubernetes/kubernetes (Go) Feb 6, 2023
Initial debug-host handler implementation could leak information and facilitate denial of service Moderate
GHSA-x477-fq37-q5wr was published for fortio.org/proxy (Go) Jan 27, 2023
github.com/openshift/apiserver-library-go Improper Input Validation vulnerability Moderate
CVE-2023-0229 was published for github.com/openshift/apiserver-library-go (Go) Jan 26, 2023
Denial of service (DoS) when processing Git credentials Moderate
CVE-2022-43756 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
Path Traversal in github.com/go-sonic/sonic Moderate
CVE-2022-46959 was published for github.com/go-sonic/sonic (Go) Jan 23, 2023
scs-library-client may leak user credentials to third-party service via HTTP redirect Moderate
CVE-2022-23538 was published for github.com/sylabs/scs-library-client (Go) Jan 20, 2023
Velociraptor subject to Path Traversal Moderate
CVE-2023-0290 was published for www.velocidex.com/golang/velociraptor (Go) Jan 19, 2023
tdunlap607
Zitadel RefreshToken invalidation vulnerability Moderate
CVE-2023-22492 was published for github.com/zitadel/zitadel (Go) Jan 11, 2023
sebastianbuechler
Reflected XSS in Gotify's /docs via import of outdated Swagger UI Moderate
GHSA-3244-8mff-w398 was published for github.com/gotify/server (Go) Jan 10, 2023
40826d
easy-scrypt Observable Timing Discrepancy vulnerability Moderate
CVE-2014-125055 was published for github.com/agnivade/easy-scrypt (Go) Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2023-0106 was published for github.com/usememos/memos (Go) Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2023-0107 was published for github.com/usememos/memos (Go) Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2023-0110 was published for github.com/usememos/memos (Go) Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2023-0112 was published for github.com/usememos/memos (Go) Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2023-0111 was published for github.com/usememos/memos (Go) Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2023-0108 was published for github.com/usememos/memos (Go) Jan 7, 2023
go-ipld-prime/codec/json may panic if asked to encode bytes Moderate
CVE-2023-22460 was published for github.com/ipld/go-ipld-prime (Go) Jan 5, 2023
hacdias
usememos/memos vulnerable to Improper Handling of Insufficient Permissions or Privileges Moderate
CVE-2022-4863 was published for github.com/usememos/memos (Go) Dec 30, 2022
efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts Moderate
CVE-2022-46174 was published for github.com/kubernetes-sigs/aws-efs-csi-driver (Go) Dec 30, 2022
pastebinit Path Traversal vulnerability Moderate
CVE-2018-25059 was published for github.com/jessfraz/pastebinit (Go) Dec 30, 2022
gotify/server vulnerable to Cross-site Scripting in the application image file upload Moderate
CVE-2022-46181 was published for github.com/gotify/server (Go) Dec 30, 2022
usememos/memos Cross-Site Request Forgery vulnerability Moderate
CVE-2022-4845 was published for github.com/usememos/memos (Go) Dec 29, 2022
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2022-4841 was published for github.com/usememos/memos (Go) Dec 29, 2022
usememos/memos Cross-Site Request Forgery vulnerability Moderate
CVE-2022-4846 was published for github.com/usememos/memos (Go) Dec 29, 2022