
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

900 advisories

TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm High
CVE-2020-8918 was published for github.com/google/go-tpm (Go) Feb 11, 2022
chrisfenner
Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers High
CVE-2020-14359 was published for github.com/keycloak/keycloak-gatekeeper (Go) Feb 9, 2022
Cross Site Request Forgery in Gitea High
CVE-2021-45326 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Incorrect Authorization in NATS nats-server High
CVE-2022-24450 was published for github.com/nats-io/nats-server/v2 (Go) Feb 8, 2022
Churro andrewpollock
Path traversal and dereference of symlinks in Argo CD High
CVE-2022-24348 was published for github.com/argoproj/argo-cd (Go) Feb 7, 2022
Server-Side Request Forgery in Apache Traffic Control High
CVE-2022-23206 was published for github.com/apache/trafficcontrol (Go) Feb 7, 2022
Cross-Site Request Forgery in Filebrowser High
CVE-2021-46398 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 5, 2022
SQL Injection in Casdoor High
CVE-2022-24124 was published for github.com/casdoor/casdoor (Go) Feb 1, 2022
Withdrawn Advisory: NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022 withdrawn
joshbressers
Lookup operations do not take into account wildcards in SpiceDB High
CVE-2022-21646 was published for github.com/authzed/spicedb (Go) Jan 13, 2022
vroldanbet
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints High
GHSA-m7vp-hqwv-7m5x was published for github.com/spiffe/spire (Go) Jan 12, 2022
Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy High
CVE-2021-42583 was published for github.com/foxcpp/maddy (Go) Jan 6, 2022
Link Following in Iris High
CVE-2021-23772 was published for github.com/kataras/iris (Go) Jan 6, 2022
kataras
Drainage of FeeCollector's Block Transaction Fees in cronos High
CVE-2021-43839 was published for github.com/crypto-org-chain/cronos (Go) Jan 6, 2022
zb3
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux High
CVE-2021-43816 was published for github.com/containerd/containerd (Go) Jan 6, 2022
golang.org/x/net/http2 allows uncontrolled memory consumption High
CVE-2021-44716 was published for golang.org/x/net/http2 (Go) Jan 2, 2022
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity High
CVE-2020-25039 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
xman
Incorrect Permission Assignment for Critical Resource in Singularity High
CVE-2019-11328 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
"Verify All" Returns Success Despite Validation Failures in Singularity High
CVE-2020-13846 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
truatpasteurdotfr
Execution Control List (ECL) Is Insecure in Singularity High
CVE-2020-13845 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
tri-adam
Privilege Elevation in runc High
CVE-2016-3697 was published for github.com/opencontainers/runc (Go) Dec 20, 2021
Cross-site Request Forgery (CSRF) High
CVE-2017-1000069 was published for github.com/bitly/oauth2_proxy (Go) Dec 20, 2021
Open Redirect in OAuth2 Proxy High
CVE-2020-11053 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
rootxharsh iamnoooob
Mik317
GitLab auth uses full name instead of username as user ID, allowing impersonation High
CVE-2020-5415 was published for github.com/concourse/concourse (Go) Dec 20, 2021
gdetrez
Infinite loop in xz High
CVE-2020-16845 was published for github.com/ulikunitz/xz (Go) Dec 16, 2021