Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

965 advisories

Loading
Unverified Ownership in Kubernetes Moderate
CVE-2020-8554 was published for k8s.io/kubernetes (Go) Feb 8, 2022
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server Moderate
CVE-2021-22565 was published for github.com/google/exposure-notifications-verification-server (Go) Nov 10, 2021
sethvargo
gotify/server vulnerable to Cross-site Scripting in the application image file upload Moderate
CVE-2022-46181 was published for github.com/gotify/server (Go) Dec 30, 2022
Denial of service in Mattermost Moderate
CVE-2022-4045 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4044 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Pinniped Supervisor Insufficient Session Expiration vulnerability Moderate
CVE-2022-31677 was published for go.pinniped.dev (Go) Sep 1, 2022
HashiCorp Vault improper configuration of multi factor authentication Moderate
CVE-2022-30689 was published for github.com/hashicorp/vault (Go) May 18, 2022
Traefik routes exposed with an empty TLSOption Moderate
CVE-2022-46153 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
Echo vulnerable to directory traversal Moderate
CVE-2020-36565 was published for github.com/labstack/echo/v4 (Go) Dec 7, 2022
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2023-0108 was published for github.com/usememos/memos (Go) Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2023-0107 was published for github.com/usememos/memos (Go) Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2023-0106 was published for github.com/usememos/memos (Go) Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2023-0112 was published for github.com/usememos/memos (Go) Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2023-0110 was published for github.com/usememos/memos (Go) Jan 7, 2023
usememos/memos vulnerable to stored Cross-site Scripting Moderate
CVE-2023-0111 was published for github.com/usememos/memos (Go) Jan 7, 2023
ouqiang gocron Cross-site scripting vulnerability Moderate
CVE-2022-40365 was published for github.com/ouqiang/gocron (Go) Sep 15, 2022
etcd has no minimum password length Moderate
CVE-2020-15115 was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
Bytebase does not restrict low privilege user to access admin issues Moderate
CVE-2022-32169 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
Dutchoders transfer.sh contains an XSS vulnerability via malicious file upload Moderate
CVE-2022-40931 was published for github.com/dutchcoders/transfer.sh (Go) Sep 30, 2022
KubeEdge Edge ServiceBus module DoS Moderate
CVE-2022-31073 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
Insecure cookies in Openshift Origin Moderate
CVE-2015-3207 was published for github.com/openshift/origin (Go) Jul 8, 2022
Go Ethereum allows attackers to use manipulation of time-difference values to achieve replacement of main-chain blocks Moderate
CVE-2022-37450 was published for github.com/ethereum/go-ethereum (Go) Aug 6, 2022
Mattermost users could access some sensitive information via API call Moderate
CVE-2022-2401 was published for github.com/mattermost/mattermost-server/v6 (Go) Jul 15, 2022
Nomad Panics On Job Submission With Bad Artifact Stanza Source URL Moderate
CVE-2022-41606 was published for github.com/hashicorp/nomad (Go) Oct 12, 2022
KubeEdge Cloud AdmissionController component DoS Moderate
CVE-2022-31074 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database