Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,517 advisories

Loading
Authorization bypass in github.com/dgrijalva/jwt-go High
CVE-2020-26160 was published for github.com/dgrijalva/jwt-go (Go) May 18, 2021
goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures High
CVE-2020-7711 was published for github.com/russellhaering/gosaml2 (Go) Oct 7, 2022
golang.org/x/text Infinite loop Moderate
CVE-2020-14040 was published for golang.org/x/text (Go) May 18, 2021
gopkg.in/macaron.v1 Open Redirect vulnerability Moderate
CVE-2020-12666 was published for gopkg.in/macaron.v1 (Go) May 18, 2021
Denial of service of Minder Server with attacker-controlled REST endpoint Moderate
CVE-2024-35185 was published for github.com/stacklok/minder (Go) May 16, 2024
AdamKorcz DavidKorczynski
Stakater Forecastle has a directory traversal vulnerability High
CVE-2023-40297 was published for github.com/stakater/Forecastle (Go) May 15, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers Moderate
CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go) May 15, 2024
luhring
source-controller leaks Azure Storage SAS token into logs Moderate
CVE-2024-31216 was published for github.com/fluxcd/source-controller (Go) May 15, 2024
goreleaser shows environment by default Moderate
GHSA-f6mm-5fc7-3g3c was published for github.com/goreleaser/goreleaser (Go) May 15, 2024
xrstf xmudrii
caarlos0
Cilium has insecure IPsec transport encryption High
CVE-2024-28860 was published for github.com/cilium/cilium (Go) Mar 28, 2024
pchaigno NikAleksandrov
iokill marshrayms
dotmesh arbitrary file read and/or write High
CVE-2020-26312 was published for github.com/dotmesh-io/dotmesh (Go) May 14, 2024
Grafana API IDOR Moderate
CVE-2022-21713 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana proxy Cross-site Scripting Moderate
CVE-2022-21702 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources Low
CVE-2022-21673 was published for github.com/grafana/grafana (Go) May 14, 2024
mxalis
Grafana directory traversal for .cvs files Moderate
CVE-2021-43815 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Fine-grained access control vulnerability Critical
CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory Moderate
CVE-2021-41091 was published for github.com/docker/docker (Go) Jan 31, 2024
joanbm AlonZa
neersighted
Argo CD vulnerable to a Denial of Service via malicious jqPathExpressions in ignoreDifferences Moderate
CVE-2024-32476 was published for github.com/argoproj/argo-cd/v2 (Go) Apr 26, 2024
crenshaw-dev pasha-codefresh
todaywasawesome
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX High
CVE-2024-34360 was published for github.com/spacemeshos/api (Go) May 10, 2024
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests High
CVE-2024-34084 was published for github.com/stacklok/minder (Go) May 7, 2024
AdamKorcz DavidKorczynski
Vitess vulnerable to infinite memory consumption and vtgate crash Moderate
CVE-2024-32886 was published for github.com/vitessio/vitess (Go) May 8, 2024
dbussink mattrobenolt
vmg
tiagorlampert CHAOS vulnerable to Cross Site Scripting Moderate
CVE-2024-31839 was published for github.com/tiagorlampert/CHAOS (Go) Apr 12, 2024
OpenFGA Authorization Bypass Moderate
CVE-2023-40579 was published for github.com/openfga/openfga (Go) Aug 25, 2023
aaguiarz
tiagorlampert CHAOS vulnerable to command injections High
CVE-2024-30850 was published for github.com/tiagorlampert/CHAOS (Go) Apr 12, 2024
Duplicate Advisory: Cosmos "Barberry" vulnerability in github.com/cosmos/cosmos-sdk Moderate
GHSA-w44m-8mv2-v78h was published for github.com/cosmos/cosmos-sdk (Go) Jun 22, 2023 withdrawn
greg-szabo matveybaykalov
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database