Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,517 advisories

Loading
IPv6 enabled on IPv4-only network interfaces Moderate
CVE-2024-32473 was published for github.com/docker/docker (Go) Apr 18, 2024
robmry corhere
gabriellavengeo akerouanton
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit Critical
GHSA-v6rw-hhgg-wc4x was published for github.com/evmos/evmos/v11 (Go) Apr 17, 2024
OpenFGA Authorization Bypass High
CVE-2024-31452 was published for github.com/openfga/openfga (Go) Apr 16, 2024
LocalAI cross-site request forgery vulnerability Moderate
CVE-2024-3135 was published for github.com/go-skynet/LocalAI (Go) Apr 1, 2024
Traefik vulnerable to denial of service with Content-length header High
CVE-2024-28869 was published for github.com/traefik/traefik (Go) Apr 12, 2024
Prajithp
Traefik affected by HTTP/2 CONTINUATION flood in net/http Moderate
GHSA-7f4j-64p6-5h5v was published for github.com/traefik/traefik/v2 (Go) Apr 15, 2024
gyoza
Cosign malicious artifacts can cause machine-wide DoS Moderate
CVE-2024-29903 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
AdamKorcz DavidKorczynski
Cosign malicious attachments can cause system-wide denial of service Moderate
CVE-2024-29902 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
AdamKorcz
SpiceDB: LookupSubjects may return partial results if a specific kind of relation is used Low
CVE-2024-32001 was published for github.com/authzed/spicedb (Go) Apr 10, 2024
Kopia: Storage connection credentials written to console on "repository status" CLI command with JSON output Low
GHSA-j5vm-7qcc-2wwg was published for github.com/kopia/kopia (Go) Apr 10, 2024
gin-vue-admin background arbitrary code coverage vulnerability High
CVE-2024-31457 was published for github.com/flipped-aurora/gin-vue-admin/server (Go) Apr 9, 2024
Minder GetRepositoryByName data leak Moderate
CVE-2024-31455 was published for github.com/stacklok/minder (Go) Apr 9, 2024
eleftherias
CometBFT's default for `BlockParams.MaxBytes` consensus parameter may increase block times and affect consensus participation Low
GHSA-hq58-p9mv-338c was published for github.com/cometbft/cometbft (Go) Sep 29, 2023
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack High
CVE-2024-22189 was published for github.com/quic-go/quic-go (Go) Apr 2, 2024
marten-seemann
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks Critical
GHSA-j496-crgh-34mx was published for github.com/cosmos/ibc-go (Go) Apr 5, 2024
mdulin2
Pebble service manager's file pull API allows access by any user Moderate
CVE-2024-3250 was published for github.com/canonical/pebble (Go) Apr 5, 2024
hpidcock benhoyt
Duplicate Advisory: Pebble service manager's file pull API allows access by any user Moderate
GHSA-65pc-76pq-pvf5 was published for github.com/canonical/pebble (Go) Apr 4, 2024 withdrawn
CasaOS Username Enumeration - Bypass of CVE-2024-24766 Moderate
CVE-2024-28232 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Apr 1, 2024
DrDark1999
KubeVirt NULL pointer dereference flaw Moderate
CVE-2024-31420 was published for kubevirt.io/kubevirt (Go) Apr 3, 2024
Temporal UI Server cross-site scripting vulnerability Moderate
CVE-2024-2435 was published for github.com/temporalio/ui-server/v2 (Go) Apr 2, 2024
CA17 TeamsACS Cross Site Scripting vulnerability Moderate
CVE-2024-22780 was published for github.com/ca17/teamsacs (Go) Apr 2, 2024
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions High
GHSA-95rx-m9m5-m94v was published for github.com/cosmos/cosmos-sdk (Go) Mar 12, 2024
ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability Moderate
CVE-2024-29893 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 29, 2024
jake-ciolek
Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime Moderate
CVE-2023-51699 was published for github.com/fluid-cloudnative/fluid (Go) Mar 15, 2024
zhang-x-z
Bypassing Rate Limit and Brute Force Protection Using Cache Overflow Moderate
CVE-2024-21662 was published for github.com/argoproj/argo-cd/v2 (Go) Mar 18, 2024
nadava669 pasha-codefresh
crenshaw-dev todaywasawesome jannfis
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database