Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

264 advisories

Loading
owncast is vulnerable to SQL Injection Critical
CVE-2022-3751 was published for github.com/owncast/owncast (Go) Nov 29, 2022
KubeView vulnerable to full cluster takeover due to improper authentication Critical
CVE-2022-45933 was published for github.com/benc-uk/kubeview (Go) Nov 27, 2022
Tailscale Windows daemon is vulnerable to RCE via CSRF Critical
CVE-2022-41924 was published for tailscale.com (Go) Nov 21, 2022
emilytrau JJJollyjim
hod-alpert
Vela Insecure Defaults Critical
CVE-2022-39395 was published for github.com/go-vela/server (Go) Nov 9, 2022
btcd mishandles witness size checking Critical
CVE-2022-44797 was published for github.com/btcsuite/btcd (Go) Nov 7, 2022
TiDB vulnerable to Use of Externally-Controlled Format String Critical
CVE-2022-3023 was published for github.com/pingcap/tidb (Go) Nov 4, 2022
dwisiswant0
Gin-vue-admin subject to Remote Code Execution via file upload vulnerability Critical
CVE-2022-39345 was published for github.com/flipped-aurora/gin-vue-admin/server (Go) Oct 25, 2022
0xngs
Skipper vulnerable to SSRF via X-Skipper-Proxy Critical
CVE-2022-38580 was published for github.com/zalando/skipper (Go) Oct 25, 2022
tdunlap607
Gitea vulnerable to Argument Injection Critical
CVE-2022-42968 was published for github.com/go-gitea/gitea (Go) Oct 16, 2022
Gogs vulnerable to Cross-site Scripting Critical
CVE-2022-32174 was published for gogs.io/gogs (Go) Oct 11, 2022
Caddy vulnerable to Authentication Bypass due to mishandling of TLS client authentication Critical
CVE-2018-21246 was published for github.com/caddyserver/caddy (Go) Oct 6, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code Critical
CVE-2022-39222 was published for github.com/dexidp/dex (Go) Oct 3, 2022
joernchen bobcallaway
haydentherapper
Labstack Echo Open Redirect vulnerability Critical
CVE-2022-40083 was published for github.com/labstack/echo/v4 (Go) Sep 29, 2022
Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials Critical
CVE-2021-36782 was published for github.com/rancher/rancher (Go) Sep 23, 2022
HashiCorp Vault vulnerable to incorrect metadata access Critical
CVE-2022-40186 was published for github.com/hashicorp/vault (Go) Sep 23, 2022
Elrond-go has improper initialization Critical
CVE-2022-36061 was published for github.com/ElrondNetwork/elrond-go (Go) Sep 16, 2022
Casdoor arbitrary file write vulnerability Critical
CVE-2022-38638 was published for github.com/casdoor/casdoor (Go) Sep 10, 2022
Path Traversal in Beego Critical
CVE-2022-31836 was published for github.com/beego/beego (Go) Jul 6, 2022
Improper Restriction of Excessive Authentication Attempts Critical
CVE-2022-2321 was published for github.com/heroiclabs/nakama/v3 (Go) Jul 6, 2022
Weave GitOps leaked cluster credentials into logs on connection errors Critical
CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022
stefanprodan
Argo CD's external URLs for Deployments can include JavaScript Critical
CVE-2022-31035 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
DavidKorczynski AdamKorcz
Signature forgery in Biscuit Critical
CVE-2022-31053 was published for biscuit-auth (Go) Jun 17, 2022
avivdolev Churro
Authorization Bypass Through User-Controlled Key in go-restful Critical
CVE-2022-1996 was published for github.com/emicklei/go-restful (Go) Jun 9, 2022
hiddeco
OS Command Injection in file editor in Gogs Critical
CVE-2022-1986 was published for gogs.io/gogs (Go) Jun 8, 2022
1135
Path Traversal in file editor on Windows in Gogs Critical
CVE-2022-1992 was published for gogs.io/gogs (Go) Jun 8, 2022
1135
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database