Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+

749 advisories

Loading
Unsafe inline XSS in pasting DOM element into chat High
CVE-2021-39183 was published for github.com/owncast/owncast (Go) Dec 14, 2021
intrigus-lgtm
Improper Authentication in HashiCorp Nomad High
CVE-2021-43415 was published for github.com/hashicorp/nomad (Go) Dec 10, 2021
HTTP Request Smuggling in github.com/hyperledger/fabric High
CVE-2021-43669 was published for github.com/hyperledger/fabric (Go) Dec 3, 2021
Authentication bypass issue in the Operator Console High
CVE-2021-41266 was published for github.com/minio/console (Go) Nov 15, 2021
Alevsk
Privilege escalation to cluster admin on multi-tenant environments High
CVE-2021-41254 was published for github.com/fluxcd/kustomize-controller (Go) Nov 15, 2021
AdamKorcz DavidKorczynski
NUL character in ROA causes OctoRPKI to crash High
CVE-2021-3910 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Arbitrary filepath traversal via URI injection High
CVE-2021-3907 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker High
CVE-2021-41232 was published for github.com/stevenweathers/thunderdome-planning-poker (Go) Nov 8, 2021
Files or Directories Accessible to External Parties in kubernetes High
CVE-2021-25741 was published for k8s.io/kubernetes (Go) Nov 1, 2021
github.com/tidwall/gjson Vulnerable to REDoS attack High
CVE-2021-42836 was published for github.com/tidwall/gjson (Go) Oct 25, 2021
Policies not properly enforced in bluemonday High
CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) Oct 19, 2021
Incorrect Privilege Assignment in HashiCorp Vault High
CVE-2021-42135 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
S3 storage write is not aborted on errors leading to unbounded memory usage High
GHSA-m6m5-pp4g-fcc8 was published for github.com/foxcpp/maddy (Go) Oct 6, 2021
Authentication bypass for viewing and deletions of snapshots High
CVE-2021-39226 was published for github.com/grafana/grafana (Go) Oct 5, 2021
theblackturtle
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Incorrect Authorization with specially crafted requests High
CVE-2021-39206 was published for github.com/pomerium/pomerium (Go) Sep 10, 2021
Excessive CPU usage High
CVE-2021-39204 was published for github.com/pomerium/pomerium (Go) Sep 10, 2021
Incorrect handling of H2 GOAWAY + SETTINGS frames High
CVE-2021-39162 was published for github.com/pomerium/pomerium (Go) Sep 10, 2021
HashiCorp Consul Privilege Escalation Vulnerability High
CVE-2021-37219 was published for github.com/hashicorp/consul (Go) Sep 8, 2021
tdunlap607
Privilege escalation in Hashicorp Nomad High
CVE-2021-37218 was published for github.com/hashicorp/nomad (Go) Sep 8, 2021
OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values High
CVE-2021-3761 was published for github.com/cloudflare/cfrpki (Go) Sep 7, 2021
job
Improper Authentication High
CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) Sep 2, 2021
Improper use of cryptographic key in wal-g High
CVE-2021-38599 was published for github.com/wal-g/wal-g (Go) Sep 2, 2021
Path traversal in ServiceCenter High
CVE-2021-21501 was published for github.com/apache/servicecomb-service-center (Go) Sep 1, 2021
tdunlap607
ExternalName Services can be used to gain access to Envoy's admin interface High
CVE-2021-32783 was published for github.com/projectcontour/contour (Go) Aug 30, 2021
josh-ferrell
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database