GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,154
NuGet
736
pip
3,953
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+
2,517 advisories
Filter by severity
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection
Critical
CVE-2021-43350
was published
for
github.com/apache/trafficcontrol
(Go)
May 24, 2022
Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management
High
CVE-2020-1742
was published
for
github.com/nmstate/kubernetes-nmstate
(Go)
May 24, 2022
•
withdrawn
Istio Authorization Bypass Vulnerability
Moderate
CVE-2021-31920
was published
for
istio.io/istio
(Go)
May 24, 2022
•
withdrawn
golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion
Moderate
CVE-2021-31525
was published
for
golang.org/x/net
(Go)
May 24, 2022
golang.org/x/net/html Infinite Loop vulnerability
High
CVE-2021-33194
was published
for
golang.org/x/net
(Go)
May 24, 2022
HashiCorp Consul Cross-site Scripting vulnerability
Moderate
CVE-2020-25864
was published
for
github.com/hashicorp/consul
(Go)
May 24, 2022
MongoDB Tools Improper Certificate Validation vulnerability
Moderate
CVE-2020-7924
was published
for
github.com/mongodb/mongo-tools
(Go)
May 24, 2022
Rancher Cross-site Scripting Vulnerability
Moderate
CVE-2021-25313
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
Kubernetes Secrets Store CSI Driver plugins arbitrary file write
Low
CVE-2020-8567
was published
for
github.com/Azure/secrets-store-csi-driver-provider-azure
(Go)
May 24, 2022
dhowden tag panic due to out-of-bounds read
Moderate
CVE-2020-29245
was published
for
github.com/dhowden/tag
(Go)
May 24, 2022
dhowden tag panic due to out-of-bounds read
Moderate
CVE-2020-29244
was published
for
github.com/dhowden/tag
(Go)
May 24, 2022
dhowden tag panic due to out-of-bounds read
Moderate
CVE-2020-29243
was published
for
github.com/dhowden/tag
(Go)
May 24, 2022
Default inheritable capabilities for linux container should be empty
Moderate
CVE-2022-29162
was published
for
github.com/opencontainers/runc
(Go)
May 24, 2022
Heketi logs sensitive information
Moderate
CVE-2020-10763
was published
for
github.com/heketi/heketi
(Go)
May 24, 2022
Grafana XSS via a query alias for the ElasticSearch datasource
Moderate
CVE-2020-24303
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Gophish vulnerable to Server-Side Request Forgery
Moderate
CVE-2020-24710
was published
for
github.com/gophish/gophish
(Go)
May 24, 2022
ingress-nginx component for Kubernetes allows file overwrite
Moderate
CVE-2020-8553
was published
for
k8s.io/ingress-nginx
(Go)
May 24, 2022
Grafana stored XSS
Moderate
CVE-2020-11110
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
DevSpace vulnerable to remote code execution
Critical
CVE-2020-15391
was published
for
github.com/loft-sh/devspace
(Go)
May 24, 2022
Mattermost Server Sensitive Data Exposure
Moderate
CVE-2020-14457
was published
for
github.com/mattermost/mattermost-server/v5
(Go)
May 24, 2022
containernetworking/plugins vulnerable to MitM attacks
Moderate
CVE-2020-10749
was published
for
github.com/containernetworking/plugins
(Go)
May 24, 2022
Grafana XSS via a column style
Moderate
CVE-2018-18624
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana XSS via the OpenTSDB datasource
Moderate
CVE-2020-13430
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana information disclosure
High
CVE-2020-12458
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana world readable configuration files
High
CVE-2020-12459
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API