Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,493 advisories

Loading
Cross-site Scripting in Mattermost Moderate
CVE-2021-37860 was published for github.com/mattermost/mattermost-server/v5 (Go) Sep 23, 2021
andrewpollock
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Cross-site Scripting in Gitea Moderate
CVE-2021-28378 was published for code.gitea.io/gitea (Go) Sep 27, 2021
Insufficiently restricted permissions on plugin directories Moderate
CVE-2021-41103 was published for github.com/containerd/containerd (Go) Oct 4, 2021
Authentication bypass for viewing and deletions of snapshots High
CVE-2021-39226 was published for github.com/grafana/grafana (Go) Oct 5, 2021
theblackturtle
S3 storage write is not aborted on errors leading to unbounded memory usage High
GHSA-m6m5-pp4g-fcc8 was published for github.com/foxcpp/maddy (Go) Oct 6, 2021
MD5 hash support in github.com/foxcpp/maddy Low
GHSA-qh54-9vc5-m9fg was published for github.com/foxcpp/maddy (Go) Oct 12, 2021
Hashicorp Vault Privilege Escalation Vulnerability Low
CVE-2021-41802 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
Incorrect Privilege Assignment in HashiCorp Vault High
CVE-2021-42135 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
Email relay in Apache Traffic Control Moderate
CVE-2021-42009 was published for github.com/apache/trafficcontrol (Go) Oct 13, 2021
Policies not properly enforced in bluemonday High
CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) Oct 19, 2021
Authz Module Non-Determinism Moderate
CVE-2021-41135 was published for github.com/cosmos/cosmos-sdk (Go) Oct 21, 2021
robert-zaremba iramiller
Geth Node Vulnerable to DoS via maliciously crafted p2p message Moderate
CVE-2021-41173 was published for github.com/ethereum/go-ethereum (Go) Oct 25, 2021
rjl493456442 holiman
github.com/tidwall/gjson Vulnerable to REDoS attack High
CVE-2021-42836 was published for github.com/tidwall/gjson (Go) Oct 25, 2021
Improper Access Control in github.com/treeverse/lakefs Moderate
GHSA-m836-gxwq-j2pm was published for github.com/treeverse/lakefs (Go) Oct 28, 2021
eden-ohana tdunlap607
Files or Directories Accessible to External Parties in kubernetes High
CVE-2021-25741 was published for k8s.io/kubernetes (Go) Nov 1, 2021
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker High
CVE-2021-41232 was published for github.com/stevenweathers/thunderdome-planning-poker (Go) Nov 8, 2021
OIDC claims not updated from Identity Provider in Pomerium Moderate
CVE-2021-41230 was published for github.com/pomerium/pomerium (Go) Nov 10, 2021
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server Moderate
CVE-2021-22565 was published for github.com/google/exposure-notifications-verification-server (Go) Nov 10, 2021
sethvargo
Misconfigured IP address field in ROA leads to OctoRPKI crash Moderate
CVE-2021-3911 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Arbitrary filepath traversal via URI injection High
CVE-2021-3907 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
NUL character in ROA causes OctoRPKI to crash High
CVE-2021-3910 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Infinite open connection causes OctoRPKI to hang forever Moderate
CVE-2021-3909 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
michaelkedar
Infinite certificate chain depth results in OctoRPKI running forever Moderate
CVE-2021-3908 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
andrewpollock
OctoRPKI crashes when processing GZIP bomb returned via malicious repository Moderate
CVE-2021-3912 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database