GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
20 advisories
usememos/memos vulnerable to Improper Authorization (Moderate)
CVE-2022-4802 was published for github.com/usememos/memos (Go), Dec 28, 2022

usememos/memos Improper Access Control vulnerability (Moderate)
CVE-2022-4806 was published for github.com/usememos/memos (Go), Dec 28, 2022

usememos/memos vulnerable to Comparison of Object References Instead of Object Contents (Moderate)
CVE-2022-4812 was published for github.com/usememos/memos (Go), Dec 28, 2022

usememos/memos Improper Authorization vulnerability (Moderate)
CVE-2022-4798 was published for github.com/usememos/memos (Go), Dec 28, 2022

usememos/memos Improper Access Control vulnerability (High)
CVE-2022-4803 was published for github.com/usememos/memos (Go), Dec 28, 2022

usememos/memos Improper Authentication vulnerability (Moderate)
CVE-2022-4799 was published for github.com/usememos/memos (Go), Dec 28, 2022

Authorization Bypass Through User-Controlled Key in go-restful (Critical)
CVE-2022-1996 was published for github.com/emicklei/go-restful (Go), Jun 9, 2022

Authorization Bypass Through User-Controlled Key play-with-docker (Moderate)
CVE-2023-28109 was published for github.com/play-with-docker/play-with-docker (Go), Mar 17, 2023

usememos/memos Authorization Bypass Through User-Controlled Key vulnerability (Critical)
CVE-2022-4686 was published for github.com/usememos/memos (Go), Dec 23, 2022

usememos/memos Improper Authorization vulnerability (Moderate)
CVE-2022-4811 was published for github.com/usememos/memos (Go), Dec 28, 2022

Netmaker IDOR Allows User to Update Other User's Password (High)
CVE-2023-32078 was published for github.com/gravitl/netmaker (Go), Aug 25, 2023

Go package pydio/cells vulnerable to authorization bypass (Moderate)
CVE-2023-2978 was published for github.com/pydio/cells (Go), May 30, 2023

Authorization Bypass Through User-Controlled Key in go-zero (Critical)
CVE-2024-27302 was published for github.com/zeromicro/go-zero (Go), Mar 4, 2024

Grafana API IDOR (Moderate)
CVE-2022-21713 was published for github.com/grafana/grafana (Go), May 14, 2024

Duplicate Advisory: Grafana vulnerable to authorization bypass (Moderate)
GHSA-mh7p-8m2f-qrm6 was published for github.com/grafana/grafana (Go), Mar 26, 2024 • withdrawn

Withdrawn: SFTPGo's JWT implementation lacks certain security measures (Moderate)
CVE-2024-40430 was published for github.com/drakkan/sftpgo/v2 (Go), Jul 22, 2024 • withdrawn

Grafana: Users outside an organization can delete a snapshot with its key (Moderate)
CVE-2024-1313 was published for github.com/grafana/grafana (Go), Apr 5, 2024

Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes (High)
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go), Jul 5, 2024

Cache driver GetBlob() allows read access to any blob without access control check (Moderate)
CVE-2024-39897 was published for zotregistry.dev/zot (Go), Jul 9, 2024

Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go (Critical)
GHSA-92cg-ghq6-9587 was published for github.com/sap/cloud-security-client-go (Go), Dec 12, 2023 • withdrawn