GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
749 advisories
Filter by severity
MinIO vulnerable to privilege escalation in IAM import API
High
CVE-2024-55949
was published
for
github.com/minio/minio
(Go)
Dec 16, 2024
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion
High
GHSA-8wcc-m6j2-qxvm
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Dec 16, 2024
Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy
High
GHSA-7prj-hgx4-2xc3
was published
for
github.com/ryanbekhen/nanoproxy
(Go)
Dec 12, 2024
Kubernetes kubelet arbitrary command execution
High
CVE-2024-10220
was published
for
k8s.io/kubernetes
(Go)
Nov 22, 2024
pgx SQL Injection via Protocol Message Size Overflow
High
CVE-2024-27304
was published
for
github.com/jackc/pgx
(Go)
Mar 4, 2024
Path Traversal in Buildah
High
CVE-2020-10696
was published
for
github.com/containers/buildah
(Go)
May 18, 2021
SiYuan has an arbitrary file write in the host via /api/asset/upload
High
CVE-2024-55659
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources
High
CVE-2024-55658
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an arbitrary file read via /api/template/render
High
CVE-2024-55657
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
Harbor fails to validate the user permissions when updating p2p preheat policies
High
CVE-2022-31668
was published
for
github.com/goharbor/harbor
(Go)
Nov 14, 2024
Ollama Out-of-bounds Read
High
CVE-2024-39720
was published
for
github.com/ollama/ollama
(Go)
Oct 31, 2024
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
Opencontainers runc Incorrect Authorization vulnerability
High
CVE-2023-27561
was published
for
github.com/opencontainers/runc
(Go)
Mar 3, 2023
Portainer improperly uses an encryption algorithm in the AesEncrypt function
High
CVE-2024-33662
was published
for
github.com/portainer/portainer
(Go)
Oct 2, 2024
Moby Race Condition vulnerability
High
CVE-2024-36623
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
Moby Race Condition vulnerability
High
CVE-2024-36621
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3)
High
CVE-2024-54131
was published
for
github.com/kolide/launcher
(Go)
Dec 3, 2024
Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws
High
GHSA-7f6p-phw2-8253
was published
for
github.com/taurusgroup/multi-party-sig
(Go)
Nov 25, 2024
github.com/containers/image allows unexpected authenticated registry accesses
High
CVE-2024-3727
was published
for
github.com/containers/image
(Go)
May 14, 2024
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
High
GHSA-7225-m954-23v7
was published
for
cosmossdk.io/math
(Go)
Nov 20, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources
High
CVE-2024-52280
was published
for
github.com/rancher/steve
(Go)
Nov 20, 2024
Grafana's users with permissions to create a data source can CRUD all data sources
High
CVE-2024-1442
was published
for
github.com/grafana/grafana
(Go)
Mar 7, 2024
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability
High
CVE-2024-9355
was published
for
github.com/golang-fips/openssl
(Go)
Oct 1, 2024
Git credentials are exposed in Atlantis logs
High
CVE-2024-52009
was published
for
github.com/runatlantis/atlantis
(Go)
Nov 8, 2024
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data
High
GHSA-p7mv-53f2-4cwj
was published
for
github.com/cometbft/cometbft
(Go)
Nov 6, 2024
ProTip!
Advisories are also available from the
GraphQL API