Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,112
Maven
5,000+
npm
3,767
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
888
Swift
38
Unreviewed advisories
All unreviewed
5,000+

224 advisories

Loading
Grafana Authentication Bypass Critical
CVE-2018-15727 was published for github.com/grafana/grafana (Go) Feb 15, 2022
Helm Unsafe Link Following Critical
CVE-2019-18658 was published for helm.sh/helm (Go) May 24, 2022
Hashicorp Nomad Access Control Issues Critical
CVE-2019-12618 was published for github.com/hashicorp/nomad (Go) May 24, 2022
Improper Authentication in Apache Traffic Control Critical
CVE-2019-12405 was published for github.com/apache/trafficcontrol (Go) May 18, 2021
SQL Injection in Couchbase Sync Gateway Critical
CVE-2019-9039 was published for github.com/couchbase/sync_gateway (Go) Feb 15, 2022
andrewpollock
Kubernetes Privilege Escalation Critical
CVE-2017-1000056 was published for k8s.io/kubernetes (Go) May 12, 2021
Reuse of one time passwords allowed in Gitea Critical
CVE-2021-45331 was published for code.gitea.io/gitea (Go) Feb 10, 2022
Gitea Remote Code Execution (RCE) Critical
CVE-2018-18926 was published for code.gitea.io/gitea (Go) Feb 15, 2022
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli Critical
GHSA-h24c-6p6p-m3vx was published for github.com/bnb-chain/tss-lib (Go) Sep 1, 2023
tar-utils Path Traversal vulnerability Critical
CVE-2020-36566 was published for github.com/whyrusleeping/tar-utils (Go) Dec 28, 2022
Unzip vulnerable to path traversal Critical
CVE-2020-36561 was published for github.com/yi-ge/unzip (Go) Dec 28, 2022
Skipper vulnerable to SSRF via X-Skipper-Proxy Critical
CVE-2022-38580 was published for github.com/zalando/skipper (Go) Oct 25, 2022
tdunlap607
Labstack Echo Open Redirect vulnerability Critical
CVE-2022-40083 was published for github.com/labstack/echo/v4 (Go) Sep 29, 2022
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption Critical
CVE-2021-4236 was published for github.com/ecnepsnai/web (Go) Dec 28, 2022
Access control bypass in beego Critical
CVE-2022-31259 was published for github.com/beego/beego (Go) May 22, 2022
Path Traversal in Beego Critical
CVE-2022-31836 was published for github.com/beego/beego (Go) Jul 6, 2022
go-unzip vulnerable to Path Traversal Critical
CVE-2020-36560 was published for github.com/artdarek/go-unzip (Go) Dec 28, 2022
EnvoyProxy Envoy Missing HTTP URL path normalization Critical
CVE-2019-9901 was published for github.com/envoyproxy/envoy (Go) May 24, 2022
Casdoor arbitrary file write vulnerability Critical
CVE-2022-38638 was published for github.com/casdoor/casdoor (Go) Sep 10, 2022
KubeView vulnerable to full cluster takeover due to improper authentication Critical
CVE-2022-45933 was published for github.com/benc-uk/kubeview (Go) Nov 27, 2022
Helm Improper Certificate Validation Critical
CVE-2019-1010275 was published for helm.sh/helm (Go) May 24, 2022
glot-code-runner RCE Critical
CVE-2018-15747 was published for github.com/prasmussen/glot-code-runner (Go) May 24, 2022
gitjacker arbitrary code execution Critical
CVE-2021-29417 was published for github.com/liamg/gitjacker (Go) May 24, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code Critical
CVE-2022-39222 was published for github.com/dexidp/dex (Go) Oct 3, 2022
joernchen bobcallaway
haydentherapper
usememos/memos Authorization Bypass Through User-Controlled Key vulnerability Critical
CVE-2022-4686 was published for github.com/usememos/memos (Go) Dec 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database