GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
634 advisories
Filter by severity
Heketi Arbitrary Code Execution
High
CVE-2017-15103
was published
for
github.com/heketi/heketi
(Go)
Apr 24, 2024
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
High
CVE-2021-25318
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher Privilege escalation vulnerability via malicious "Connection" header
High
CVE-2021-31999
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher's Steve API Component Improper authorization check allows privilege escalation
High
CVE-2021-36776
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
High
CVE-2021-36775
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Buffer Overflow in gitea
High
CVE-2021-3382
was published
for
github.com/go-gitea/gitea
(Go)
Apr 24, 2024
Access Restriction Bypass in go-ipfs
High
CVE-2020-10937
was published
for
github.com/ipfs/go-ipfs
(Go)
Apr 24, 2024
github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2020-7666
was published
for
github.com/u-root/u-root/pkg/cpio
(Go)
Apr 24, 2024
Arbitrary Code Execution in Gitea
High
CVE-2020-14144
was published
for
code.gitea.io/gitea
(Go)
Apr 22, 2024
OpenFGA Authorization Bypass
High
CVE-2024-31452
was published
for
github.com/openfga/openfga
(Go)
Apr 16, 2024
Constallation has pods exposed to peers in VPC
High
GHSA-g8fc-vrcg-8vjg
was published
for
github.com/edgelesssys/constellation/v2
(Go)
Apr 15, 2024
Traefik vulnerable to denial of service with Content-length header
High
CVE-2024-28869
was published
for
github.com/traefik/traefik
(Go)
Apr 12, 2024
tiagorlampert CHAOS vulnerable to command injections
High
CVE-2024-30850
was published
for
github.com/tiagorlampert/CHAOS
(Go)
Apr 12, 2024
gin-vue-admin background arbitrary code coverage vulnerability
High
CVE-2024-31457
was published
for
github.com/flipped-aurora/gin-vue-admin/server
(Go)
Apr 9, 2024
Ollama DNS rebinding vulnerability
High
CVE-2024-28224
was published
for
github.com/ollama/ollama
(Go)
Apr 8, 2024
QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
High
CVE-2024-22189
was published
for
github.com/quic-go/quic-go
(Go)
Apr 2, 2024
Podman affected by CVE-2024-1753 container escape at build time
High
CVE-2024-1753
was published
for
github.com/containers/podman/v4
(Go)
Mar 28, 2024
Cilium has insecure IPsec transport encryption
High
CVE-2024-28860
was published
for
github.com/cilium/cilium
(Go)
Mar 28, 2024
ZITADEL's Improper Content-Type Validation Leads to Account Takeover via Stored XSS + CSP Bypass
High
CVE-2024-29891
was published
for
github.com/zitadel/zitadel
(Go)
Mar 28, 2024
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
Container escape at build time
High
GHSA-pmf3-c36m-g5cf
was published
for
github.com/containers/buildah
(Go)
Mar 19, 2024
Improper HTML sanitization in ZITADEL
High
CVE-2024-28855
was published
for
github.com/zitadel/zitadel
(Go)
Mar 18, 2024
Intermittent HTTP policy bypass
High
CVE-2024-28248
was published
for
github.com/cilium/cilium
(Go)
Mar 18, 2024
Denial of Service (DoS) Vulnerability Due to Unsafe Array Modification in Multi-threaded Environment
High
CVE-2024-21661
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 18, 2024
CLI for Vela Insecure Variable Substitution
High
GHSA-4jhj-3gv3-c3gr
was published
for
github.com/go-vela/cli
(Go)
Mar 15, 2024
ProTip!
Advisories are also available from the
GraphQL API