GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,134 advisories

Zinc Cross-site Scripting vulnerability Moderate
CVE-2022-32171 was published for github.com/zinclabs/zinc (Go) Jul 6, 2023
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field Moderate
CVE-2022-2582 was published for github.com/aws/aws-sdk-go (Go) Dec 28, 2022
knqyf263
usememos/memos missing Secure cookie attribute Moderate
CVE-2022-4683 was published for github.com/usememos/memos (Go) Dec 23, 2022
OpenFGA Authorization Bypass Moderate
CVE-2022-39342 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA Authorization Bypass via tupleset wildcard Moderate
CVE-2022-39341 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint Moderate
CVE-2022-39340 was published for github.com/openfga/openfga (Go) Oct 25, 2022
Signature verification failure in Tendermint Moderate
GHSA-f3w5-v9xx-rp8p was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
milosevic josef-widder
github.com/lestrrat-go/jwx vulnerable to Potential Padding Oracle Attack Moderate
GHSA-rm8v-mxj3-5rmq was published for github.com/lestrrat-go/jwx (Go) Jun 14, 2023
shogo82148
IPFS go-bitfield vulnerable to DoS via malformed size arguments Moderate
CVE-2023-23626 was published for github.com/ipfs/go-bitfield (Go) Feb 10, 2023
Jorropo
HashiCorp Vault's implementation of Shamir's secret sharing vulnerable to cache-timing attacks Moderate
CVE-2023-25000 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2 Moderate
GHSA-hxp2-xqf3-v83h was published for github.com/pion/dtls (Go) Feb 7, 2023
Panic during unmarshal of Hello Verify Request in github.com/pion/dtls/v2 Moderate
GHSA-4xgv-j62q-h3rj was published for github.com/pion/dtls (Go) Feb 7, 2023
Grafana has Broken Access Control in Alert manager: Viewer can send test alerts Moderate
CVE-2023-2183 was published for github.com/grafana/grafana (Go) Jun 12, 2023
sebob
HashiCorp Consul can use cleartext agent-to-agent RPC communication Moderate
CVE-2018-19653 was published for github.com/hashicorp/consul (Go) May 14, 2022
HashiCorp Consul Cross-site Scripting vulnerability Moderate
CVE-2020-25864 was published for github.com/hashicorp/consul (Go) May 24, 2022
Cilium eBPF filters may be temporarily removed during agent restart Moderate
CVE-2023-27595 was published for github.com/cilium/cilium (Go) Mar 17, 2023
ldelossa ti-mo
aanm
HashiCorp Nomad vulnerable to non-sensitive metadata exposure Moderate
CVE-2022-3866 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607
Kyverno vulnerable due to usage of insecure cipher Moderate
GHSA-hgv6-w7r3-w4qw was published for github.com/kyverno/kyverno (Go) May 30, 2023
abhilashbs1981
HashiCorp Vault's PKI mount vulnerable to denial of service Moderate
CVE-2023-0665 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File Moderate
CVE-2023-0620 was published for github.com/hashicorp/vault (Go) Mar 30, 2023
oxeye-daniel
CubeFS allows Kubernetes cluster-level privilege escalation Moderate
CVE-2023-30512 was published for github.com/cubefs/cubefs (Go) Apr 12, 2023
Kubernetes vulnerable to path traversal Moderate
CVE-2022-3162 was published for github.com/kubernetes/kubernetes (Go) Mar 1, 2023
github.com/ipfs/kubo affected by DOS Bitswap unbounded persistent memory leak Moderate
GHSA-qvqg-6rp8-4p9h was published for github.com/ipfs/kubo (Go) May 11, 2023
Jorropo
Podman has Files or Directories Accessible to External Parties Moderate
CVE-2020-1726 was published for github.com/containers/podman (Go) May 24, 2022
tdunlap607
Answer vulnerable to Insertion of Sensitive Information Into Sent Data Moderate
CVE-2023-1975 was published for github.com/answerdev/answer (Go) Apr 11, 2023