GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,996
Maven
5,000+
npm
3,710
NuGet
661
pip
3,361
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
217 advisories
Filter by severity
Privilege Escalation in Kubernetes
Critical
CVE-2018-1002105
was published
for
github.com/kubernetes/kubernetes
(Go)
Feb 15, 2022
Denial of service in go-ethereum due to CVE-2020-28362
Critical
GHSA-m6gx-rhvj-fh52
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Signature Validation Bypass
Critical
GHSA-5684-g483-2249
was published
for
github.com/russellhaering/gosaml2
(Go)
May 24, 2021
Insecure Permissions in Gogs
Critical
CVE-2019-14544
was published
for
gogs.io/gogs
(Go)
May 18, 2021
Signature Validation Bypass
Critical
GHSA-rrfw-hg9m-j47h
was published
for
github.com/russellhaering/goxmldsig
(Go)
May 24, 2021
Auth bypass in SAML provider
Critical
GHSA-433w-mm6h-rv9p
was published
for
github.com/netlify/gotrue
(Go)
Jun 23, 2021
GitLab auth uses full name instead of username as user ID, allowing impersonation
Critical
CVE-2020-5415
was published
for
github.com/concourse/concourse
(Go)
Dec 20, 2021
Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme
Critical
GHSA-gp6j-vx54-5pmf
was published
for
github.com/keep-network/keep-ecdsa
(Go)
Jan 6, 2022
Command Injection in CasaOS
Critical
CVE-2022-24193
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Mar 11, 2022
SQLinjection in falcon-plus
Critical
CVE-2022-26245
was published
for
github.com/open-falcon/falcon-plus
(Go)
Mar 28, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical
CVE-2022-29165
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Git LFS can execute a binary from the current directory on Windows
Critical
CVE-2022-24826
was published
for
github.com/git-lfs/git-lfs
(Go)
Apr 22, 2022
Server-Side Request Forgery in charm
Critical
CVE-2022-29180
was published
for
github.com/charmbracelet/charm
(Go)
May 24, 2022
Elrond-go has improper initialization
Critical
CVE-2022-36061
was published
for
github.com/ElrondNetwork/elrond-go
(Go)
Sep 16, 2022
Privilege escalation in Hashicorp Nomad
Critical
CVE-2022-30324
was published
for
github.com/hashicorp/nomad
(Go)
Jun 3, 2022
OS Command Injection in file editor in Gogs
Critical
CVE-2022-1986
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Path Traversal in file editor on Windows in Gogs
Critical
CVE-2022-1992
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
HashiCorp Vault Incorrect Permission Assignment for Critical Resource
Critical
CVE-2021-43998
was published
for
github.com/hashicorp/vault
(Go)
Dec 2, 2021
Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2022-2321
was published
for
github.com/heroiclabs/nakama/v3
(Go)
Jul 6, 2022
OS Command Injection in gogs
Critical
CVE-2021-32546
was published
for
gogs.io/gogs
(Go)
Jun 2, 2022
owncast is vulnerable to SQL Injection
Critical
CVE-2022-3751
was published
for
github.com/owncast/owncast
(Go)
Nov 29, 2022
Improper Privilege Management in Gitea
Critical
CVE-2021-45330
was published
for
code.gitea.io/gitea
(Go)
Feb 10, 2022
Squalor SQL Injection vulnerability
Critical
CVE-2020-36645
was published
for
github.com/square/squalor
(Go)
Jan 7, 2023
Alist vulnerable to Path Traversal
Critical
CVE-2022-45969
was published
for
github.com/alist-org/alist/v3
(Go)
Dec 16, 2022
ProTip!
Advisories are also available from the
GraphQL API