Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,134 advisories

Loading
Open redirect in caddy Moderate
CVE-2022-29718 was published for github.com/caddyserver/caddy (Go) Jun 3, 2022
Grafana vulnerable to Cross-site Scripting Moderate
CVE-2023-0594 was published for github.com/grafana/grafana (Go) Mar 1, 2023
Uncontrolled Resource Consumption in Hashicorp Nomad Moderate
CVE-2023-0821 was published for github.com/hashicorp/nomad (Go) Feb 17, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-0934 was published for github.com/answerdev/answer (Go) Feb 21, 2023
Improper Input Validation in Docker Engine Moderate
CVE-2020-13401 was published for github.com/docker/docker-ce (Go) Feb 15, 2022
Reflected XSS in Gotify's /docs via import of outdated Swagger UI Moderate
GHSA-3244-8mff-w398 was published for github.com/gotify/server (Go) Jan 10, 2023
40826d
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
Helm vulnerable to denial of service through string value parsing Moderate
CVE-2022-23524 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
DavidKorczynski AdamKorcz
kube-state-metrics may expose secret content in metrics Moderate
CVE-2019-10223 was published for k8s.io/kube-state-metrics (Go) May 24, 2022
scs-library-client may leak user credentials to third-party service via HTTP redirect Moderate
CVE-2022-23538 was published for github.com/sylabs/scs-library-client (Go) Jan 20, 2023
SIF's Digital Signature Hash Algorithms Not Validated Moderate
CVE-2022-39237 was published for github.com/sylabs/sif/v2 (Go) Oct 6, 2022
tri-adam
Answer vulnerable to Race Condition Moderate
CVE-2023-0739 was published for github.com/answerdev/answer (Go) Feb 8, 2023
etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic Moderate
CVE-2020-15112 was published for go.etcd.io/etcd/v3 (Go) Oct 6, 2022
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set Moderate
CVE-2023-24827 was published for github.com/anchore/syft (Go) Feb 8, 2023
wagoodman
OIDC claims not updated from Identity Provider in Pomerium Moderate
CVE-2021-41230 was published for github.com/pomerium/pomerium (Go) Nov 10, 2021
Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs Moderate
CVE-2022-39199 was published for github.com/codenotary/immudb (Go) Nov 21, 2022
Denial of service in github.com/ethereum/go-ethereum Moderate
CVE-2020-26264 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
lukaszmatczak
Malformed CAR panics and excessive memory usage Moderate
GHSA-9x4h-8wgm-8xfg was published for github.com/ipld/go-car (Go) Jul 6, 2022
Jorropo rvagg
willscott masih BigLep
FlyteAdmin Insufficient AccessToken Expiration Check Moderate
CVE-2022-31145 was published for github.com/flyteorg/flyteadmin (Go) Jul 15, 2022
mayitbeegh
Consensus flaw during block processing in github.com/ethereum/go-ethereum Moderate
CVE-2020-26265 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
johnyangk
Denial of service (DoS) when processing Git credentials Moderate
CVE-2022-43756 was published for github.com/rancher/wrangler (Go) Jan 25, 2023
Helm vulnerable to information disclosure via getHostByName Function Moderate
CVE-2023-25165 was published for helm.sh/helm/v3 (Go) Feb 8, 2023
phil9909
Non-empty default inheritable capabilities for linux container in Buildah Moderate
CVE-2022-27651 was published for github.com/containers/buildah (Go) Apr 1, 2022
AndrewGMorgan
OctoRPKI crashes when processing GZIP bomb returned via malicious repository Moderate
CVE-2021-3912 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Misconfigured IP address field in ROA leads to OctoRPKI crash Moderate
CVE-2021-3911 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database