Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,504 advisories

Loading
Panic when parsing invalid palette-color images in golang.org/x/image High
CVE-2024-24792 was published for golang.org/x/image (Go) Jun 26, 2024
Server-Side Request Forgery in github.com/greenpau/caddy-security Moderate
CVE-2024-21498 was published for github.com/greenpau/caddy-security (Go) Feb 17, 2024
Beego privilege escalation vulnerability High
CVE-2024-40465 was published for github.com/beego/beego/v2 (Go) Jul 31, 2024
Withdrawn: SFTPGo's JWT implmentation lacks certain security measures Moderate
CVE-2024-40430 was published for github.com/drakkan/sftpgo/v2 (Go) Jul 22, 2024 withdrawn
drakkan
gRPC-Go HTTP/2 Rapid Reset vulnerability High
GHSA-m425-mq94-257g was published for google.golang.org/grpc (Go) Oct 25, 2023
atgreen
Hugo Markdown titles do not escaped in internal render hooks Moderate
CVE-2024-32875 was published for github.com/gohugoio/hugo (Go) Apr 23, 2024
ejona86
Private tokens could appear in logs if context containing gRPC metadata is logged in github.com/grpc/grpc-go Low
GHSA-xr7q-jx4m-x55m was published for google.golang.org/grpc (Go) Jul 5, 2024
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only Low
GHSA-vjg6-93fv-qv64 was published for go.etcd.io/etcd/v3 (Go) Feb 3, 2024
Etcd embed auto compaction retention negative value causing a compaction loop or a crash Low
GHSA-pm3m-32r3-7mfh was published for go.etcd.io/etcd/v3 (Go) Feb 3, 2024
Etcd Gateway TLS endpoint validation only confirms TCP reachability Moderate
GHSA-j86v-2vjr-fg8f was published for go.etcd.io/etcd/v3 (Go) Feb 3, 2024
Withdrawn Advisory: User-provided environment values allow execution on macOS agents High
GHSA-vfxf-76hv-v4w4 was published for github.com/gravitational/teleport (Go) Jan 3, 2024 withdrawn
Tener jentfoo
lukas-braune
Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access High
GHSA-c9v7-wmwj-vf6x was published for github.com/gravitational/teleport (Go) Jan 3, 2024 withdrawn
Tener
Withdrawn Advisory: Teleport Access List owners can escalate their privileges Critical
GHSA-76cc-p55w-63g3 was published for github.com/gravitational/teleport (Go) Jan 3, 2024 withdrawn
Moaz219
Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users Critical
GHSA-hw4x-mcx5-9q36 was published for github.com/gravitational/teleport (Go) Jan 3, 2024 withdrawn
Tener espadolini
Path Traversal in Docker Moderate
CVE-2014-9356 was published for github.com/docker/docker (Go) May 18, 2021
picatz neersighted
Docker Authentication Bypass High
CVE-2018-12608 was published for github.com/docker/docker (Go) Jan 31, 2024
neersighted
Arbitrary File Override in Docker Engine Moderate
CVE-2015-3631 was published for github.com/docker/docker (Go) Feb 15, 2022
neersighted
Information Exposure in Docker Engine High
CVE-2015-3630 was published for github.com/docker/docker (Go) Feb 15, 2022
neersighted
Container build can leak any path on the host into the container Low
GHSA-vp35-85q5-9f25 was published for github.com/docker/docker (Go) Nov 11, 2022
leonwxqian corhere
neersighted
containerd started with non-empty inheritable Linux process capabilities Low
GHSA-c9cp-9c75-9v8c was published for github.com/containerd/containerd (Go) May 14, 2024
sshproxy vulnerable to SSH option injection Low
CVE-2024-34713 was published for github.com/cea-hpc/sshproxy (Go) May 14, 2024
fdiakh
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
PocketBase performs password auth and OAuth2 unverified email linking Moderate
CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) Jun 18, 2024
dalurness
Denial of service when decrypting attack controlled input in github.com/dvsekhvalnov/jose2go Moderate
GHSA-mhpq-9638-x6pw was published for github.com/dvsekhvalnov/jose2go (Go) Dec 20, 2023
Etcd pkg Insecure ciphers are allowed by default Low
GHSA-5x4g-q5rc-36jp was published for go.etcd.io/etcd/client/pkg/v3 (Go) Feb 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database