Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,504 advisories

Loading
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header Moderate
CVE-2020-15129 was published for github.com/containous/traefik (Go) Feb 11, 2022
avivdolev
TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm High
CVE-2020-8918 was published for github.com/google/go-tpm (Go) Feb 11, 2022
chrisfenner
Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030) Moderate
CVE-2019-19030 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
Incorrect Permission Assignment for Critical Resource in CRI-O Moderate
CVE-2022-0532 was published for github.com/cri-o/cri-o (Go) Feb 11, 2022
Cross-site Scripting in Gitea Moderate
CVE-2021-45329 was published for github.com/go-gitea/gitea (Go) Feb 10, 2022
Reuse of one time passwords allowed in Gitea Critical
CVE-2021-45331 was published for code.gitea.io/gitea (Go) Feb 10, 2022
Improper Privilege Management in Gitea Critical
CVE-2021-45330 was published for code.gitea.io/gitea (Go) Feb 10, 2022
User object created with invalid provider data in GoTrue Moderate
GHSA-wpfr-6297-9v57 was published for github.com/netlify/gotrue (Go) Feb 9, 2022
Incorrect Calculation in github.com/open-policy-agent/opa Moderate
CVE-2022-23628 was published for github.com/open-policy-agent/opa (Go) Feb 9, 2022
johanneslarsson
Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers High
CVE-2020-14359 was published for github.com/keycloak/keycloak-gatekeeper (Go) Feb 9, 2022
Capture-replay in Gitea Critical
CVE-2021-45327 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
tdunlap607
Cross Site Request Forgery in Gitea High
CVE-2021-45326 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Gitea displaying raw OpenID error in UI Moderate
CVE-2021-45325 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Open redirect in Gitea Moderate
CVE-2021-45328 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Unverified Ownership in Kubernetes Moderate
CVE-2020-8554 was published for k8s.io/kubernetes (Go) Feb 8, 2022
OCI Manifest Type Confusion Issue Low
GHSA-qq97-vm5h-rrhg was published for github.com/docker/distribution (Go) Feb 8, 2022
samuelkarp
Incorrect Authorization in NATS nats-server High
CVE-2022-24450 was published for github.com/nats-io/nats-server/v2 (Go) Feb 8, 2022
Churro andrewpollock
Limited ability to spoof SAML authentication with missing audience verification in Fleet Moderate
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
iangcarroll
Path traversal and dereference of symlinks in Argo CD High
CVE-2022-24348 was published for github.com/argoproj/argo-cd (Go) Feb 7, 2022
Server-Side Request Forgery in Apache Traffic Control High
CVE-2022-23206 was published for github.com/apache/trafficcontrol (Go) Feb 7, 2022
Cross-Site Request Forgery in Filebrowser High
CVE-2021-46398 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 5, 2022
Potential proxy IP restriction bypass in Kubernetes Low
CVE-2020-8562 was published for k8s.io/kubernetes (Go) Feb 2, 2022
enj
SQL Injection in Casdoor High
CVE-2022-24124 was published for github.com/casdoor/casdoor (Go) Feb 1, 2022
Command injection in gh-ost Moderate
CVE-2022-21687 was published for github.com/github/gh-ost (Go) Feb 1, 2022
dwisiswant0
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database