GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,134 advisories

kube-state-metrics may expose secret content in metrics Moderate
CVE-2019-10223 was published for k8s.io/kube-state-metrics (Go) May 24, 2022
Helm vulnerable to denial of service through string value parsing Moderate
CVE-2022-23524 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
DavidKorczynski AdamKorcz
Command injection in Rancher Git package Moderate
CVE-2022-43758 was published for github.com/rancher/rancher (Go) Jan 25, 2023
cokeBeer snoopysecurity
Reflected XSS in Gotify's /docs via import of outdated Swagger UI Moderate
GHSA-3244-8mff-w398 was published for github.com/gotify/server (Go) Jan 10, 2023
40826d
Improper Input Validation in Docker Engine Moderate
CVE-2020-13401 was published for github.com/docker/docker-ce (Go) Feb 15, 2022
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-0934 was published for github.com/answerdev/answer (Go) Feb 21, 2023
Uncontrolled Resource Consumption in Hashicorp Nomad Moderate
CVE-2023-0821 was published for github.com/hashicorp/nomad (Go) Feb 17, 2023
Grafana vulnerable to Cross-site Scripting Moderate
CVE-2023-0594 was published for github.com/grafana/grafana (Go) Mar 1, 2023
Open redirect in caddy Moderate
CVE-2022-29718 was published for github.com/caddyserver/caddy (Go) Jun 3, 2022
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1237 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1239 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1238 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1240 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1241 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1242 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1243 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1244 was published for github.com/answerdev/answer (Go) Mar 7, 2023
Answer vulnerable to Cross-site Scripting Moderate
CVE-2023-1245 was published for github.com/answerdev/answer (Go) Mar 7, 2023
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints Moderate
CVE-2022-2837 was published for github.com/coredns/coredns (Go) Mar 3, 2023
chrisbloom7
coreDNS vulnerable to Improper Restriction of Communication Channel to Intended Endpoints Moderate
CVE-2022-2835 was published for github.com/coredns/coredns (Go) Mar 3, 2023
Authelia allows open redirects on the logout endpoint Moderate
CVE-2021-29456 was published for github.com/authelia/authelia/v4 (Go) Mar 16, 2023
jonbayl
Authorization Bypass Through User-Controlled Key play-with-docker Moderate
CVE-2023-28109 was published for github.com/play-with-docker/play-with-docker (Go) Mar 17, 2023
cokeBeer
cilium-agent container can access the host via `hostPath` mount Moderate
CVE-2023-27593 was published for github.com/cilium/cilium (Go) Mar 17, 2023
tasoskoutlis-f3 daniel-f3
mag-ocz
`cilium-cli` disables etcd authorization for clustermesh clusters Moderate
CVE-2023-28114 was published for github.com/cilium/cilium-cli (Go) Mar 21, 2023
giorio94
Answer has Observable Timing Discrepancy Moderate
CVE-2023-1538 was published for github.com/answerdev/answer (Go) Mar 21, 2023