Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

224 advisories

Loading
Some CORS middleware allow untrusted origins Critical
GHSA-vhxv-fg4m-p2w8 was published for github.com/jub0bs/cors (Go) May 3, 2024
jub0bs
Cross-site scripting on application summary component Critical
CVE-2024-28175 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024
Ry0taK agaudreault
crenshaw-dev
Buildkit's interactive containers API does not validate entitlements check Critical
CVE-2024-23653 was published for github.com/moby/buildkit (Go) Jan 31, 2024
rmcnamara-snyk
sjqzhang go-fastdfs vulnerable to path traversal Critical
CVE-2023-1800 was published for github.com/sjqzhang/go-fastdfs (Go) Apr 2, 2023
mellium.im/sasl authentication failure due to insufficient nonce randomness Critical
CVE-2022-48195 was published for mellium.im/sasl (Go) Dec 31, 2022
docconv OS Command Injection vulnerability Critical
CVE-2022-4643 was published for code.sajari.com/docconv (Go) Dec 22, 2022
btcd mishandles witness size checking Critical
CVE-2022-44797 was published for github.com/btcsuite/btcd (Go) Nov 7, 2022
Command Injection Vulnerability with Mercurial in VCS Critical
CVE-2022-21235 was published for github.com/Masterminds/vcs (Go) Apr 1, 2022
dellalibera
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected Critical
CVE-2021-4238 was published for github.com/Masterminds/goutils (Go) Dec 28, 2022
Collision of hash values in github.com/bnb-chain/tss-lib Critical
CVE-2022-47931 was published for github.com/bnb-chain/tss-lib (Go) Dec 23, 2022
Incorrect handling of credential expiry by /nats-io/nats-server Critical
CVE-2020-26892 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
LZ4 vulnerable to Out-of-bounds Write Critical
CVE-2014-125026 was published for github.com/cloudflare/golz4 (Go) Dec 28, 2022
Grafana Fine-grained access control vulnerability Critical
CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024
HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches Critical
CVE-2024-3817 was published for github.com/hashicorp/go-getter (Go) Apr 17, 2024
Gitea Allows 1FA Even for 2FA-Enrolled Accounts Critical
CVE-2019-11576 was published for code.gitea.io/gitea (Go) May 24, 2022
Improper Access Control in Gitea Critical
CVE-2020-28991 was published for github.com/go-gitea/gitea (Go) Apr 24, 2024
Privilege Escalation in kubevirt Critical
CVE-2020-14316 was published for kubevirt.io/kubevirt (Go) Apr 24, 2024
Authelia vulnerable to an authentication bypassed with malformed request URI on nginx Critical
CVE-2021-32637 was published for github.com/authelia/authelia/v4 (Go) Dec 20, 2021
Evmos transaction execution not accounting for all state transition after interaction with precompiles Critical
CVE-2024-32644 was published for github.com/evmos/evmos/v16 (Go) Apr 10, 2024
iczc
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit Critical
GHSA-v6rw-hhgg-wc4x was published for github.com/evmos/evmos/v11 (Go) Apr 17, 2024
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks Critical
GHSA-j496-crgh-34mx was published for github.com/cosmos/ibc-go (Go) Apr 5, 2024
mdulin2
Pterodactyl Wings vulnerable to improper isolation of server file access Critical
CVE-2024-27102 was published for github.com/pterodactyl/wings (Go) Mar 15, 2024
KurtThiemann aft2d
matthewpi
Authorization Bypass Through User-Controlled Key in go-zero Critical
CVE-2024-27302 was published for github.com/zeromicro/go-zero (Go) Mar 4, 2024
cokeBeer
Transparent TLS may not be applied to Marbles with certain manifest configurations Critical
GHSA-x5r5-2qrx-rqj8 was published for github.com/edgelesssys/marblerun (Go) Feb 27, 2024
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials Critical
CVE-2024-25124 was published for github.com/gofiber/fiber/v2 (Go) Feb 22, 2024
gaby sixcolors
ReneWerner87
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database