Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,517 advisories

Loading
IBAX go-ibax vulnerable to SQL injection High
CVE-2022-3801 was published for github.com/IBAX-io/go-ibax (Go) Nov 1, 2022
IBAX go-ibax vulnerable to SQL injection High
CVE-2022-3802 was published for github.com/IBAX-io/go-ibax (Go) Nov 1, 2022
Gitea Arbitrary File Delete Vulnerability Moderate
CVE-2019-1000002 was published for code.gitea.io/gitea (Go) May 13, 2022
Gitea Open Redirect Moderate
CVE-2022-1058 was published for code.gitea.io/gitea (Go) Mar 25, 2022
Gitea Allows 1FA Even for 2FA-Enrolled Accounts Critical
CVE-2019-11576 was published for code.gitea.io/gitea (Go) May 24, 2022
Gitea XSS Vulnerability in Repository Description Moderate
CVE-2019-1010314 was published for code.gitea.io/gitea (Go) May 24, 2022
Improper Access Control in Gitea Critical
CVE-2020-28991 was published for github.com/go-gitea/gitea (Go) Apr 24, 2024
Buffer Overflow in gitea High
CVE-2021-3382 was published for github.com/go-gitea/gitea (Go) Apr 24, 2024
Privilege Escalation in kubevirt Critical
CVE-2020-14316 was published for kubevirt.io/kubevirt (Go) Apr 24, 2024
Caddy allows enumeration of Certificates and Hostnames Low
CVE-2018-19148 was published for github.com/caddyserver/caddy (Go) May 14, 2022
Sensitive Information leak via Log File in Kubernetes Moderate
CVE-2020-8563 was published for github.com/kubernetes/kubernetes (Go) Apr 24, 2024
Sensitive Information leak via Log File in Kubernetes Moderate
CVE-2020-8566 was published for github.com/kubernetes/kubernetes (Go) Apr 24, 2024
Access Restriction Bypass in go-ipfs High
CVE-2020-10937 was published for github.com/ipfs/go-ipfs (Go) Apr 24, 2024
github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2020-7666 was published for github.com/u-root/u-root/pkg/cpio (Go) Apr 24, 2024
HashiCorp Consul does not properly validate node or segment names prior to usage in JWT claim assertions High
CVE-2021-41803 was published for github.com/hashicorp/consul (Go) Sep 25, 2022
anonymous4ACL24
Path Traversal in Moby builder Moderate
CVE-2020-27534 was published for github.com/docker/docker (Go) Jan 31, 2024
neersighted
Arbitrary Code Execution in Gitea High
CVE-2020-14144 was published for code.gitea.io/gitea (Go) Apr 22, 2024
Access Restriction Bypass in go-ldap High
CVE-2017-14623 was published for github.com/go-ldap/ldap (Go) Feb 15, 2022
Incorrect Default Permissions in Beego Moderate
CVE-2019-16355 was published for github.com/astaxie/beego (Go) May 24, 2022
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities Moderate
CVE-2022-24769 was published for github.com/docker/docker (Go) Apr 22, 2024
AndrewGMorgan
Authelia's Group Changes may not have the expected results (YAML file backend) Low
GHSA-x883-2vmg-xwf7 was published for github.com/authelia/authelia/v4 (Go) Apr 22, 2024
ezrizhu
Authelia vulnerable to an authentication bypassed with malformed request URI on nginx Critical
CVE-2021-32637 was published for github.com/authelia/authelia/v4 (Go) Dec 20, 2021
Container escape at build time High
GHSA-pmf3-c36m-g5cf was published for github.com/containers/buildah (Go) Mar 19, 2024
rmcnamara-snyk
golang.org/x/crypto/ssh Man-in-the-Middle attack High
CVE-2017-3204 was published for golang.org/x/crypto (Go) Feb 7, 2023
Evmos transaction execution not accounting for all state transition after interaction with precompiles Critical
CVE-2024-32644 was published for github.com/evmos/evmos/v16 (Go) Apr 10, 2024
iczc
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database