GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories by ecosystem:
All reviewed: 5,000+
Composer: 4,090
Erlang: 29
GitHub Actions: 19
Go: 1,915
Maven: 5,000+
npm: 3,646
NuGet: 638
pip: 3,262
Pub: 10
RubyGems: 870
Rust: 821
Swift: 35

Unreviewed advisories:
All unreviewed: 5,000+
695 advisories
CVE-2022-35930 (High): PolicyController before 0.2.1 may bypass attestation verification. Published Aug 10, 2022 for github.com/sigstore/policy-controller (Go).
CVE-2022-35929 (High): cosign's `cosign verify-attestation --type` can report a false positive if any attestation exists. Published Aug 10, 2022 for github.com/sigstore/cosign (Go).
CVE-2020-8558 (High): Improper Authentication in Kubernetes. Published Feb 15, 2022 for k8s.io/kubernetes (Go).
CVE-2021-21403 (High): Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server. Published Feb 15, 2022 for github.com/kongchuanhujiao/server (Go).
CVE-2022-36023 (High): Remote denial of service in Hyperledger Fabric Gateway. Published Oct 13, 2022 for github.com/hyperledger/fabric (Go).
CVE-2022-23508 (High): GitOps Run allows for Kubernetes workload injection. Published Jan 9, 2023 for github.com/weaveworks/weave-gitops (Go).
CVE-2022-39389 (High): Witness Block Parsing DoS Vulnerability. Published Nov 18, 2022 for github.com/lightningnetwork/lnd (Go).
CVE-2015-5237 (High): protobuf susceptible to buffer overflow. Published May 13, 2022 for Google.Protobuf (Composer).
CVE-2022-23542 (High): OpenFGA Authorization Bypass. Published Dec 20, 2022 for github.com/openfga/openfga (Go).
CVE-2022-39219 (High): Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication. Published Sep 27, 2022 for github.com/brokercap/Bifrost (Go).
CVE-2021-36778 (High): Exposure of repository credentials to external third-party sources in Rancher. Published May 2, 2022 for github.com/rancher/rancher (Go).
CVE-2022-39388 (High): Istio may allow identity impersonation if user has localhost access. Published Nov 9, 2022 for github.com/istio/istio (Go).
CVE-2022-30781 (High): Shell command injection in gitea. Published May 17, 2022 for code.gitea.io/gitea (Go).
CVE-2022-35253 (High): Hyperledger Fabric subject to Denial of Service via non-validated request. Published Sep 25, 2022 for github.com/hyperledger/fabric (Go).
CVE-2022-31105 (High): Argo CD certificate verification is skipped for connections to OIDC providers. Published Jul 12, 2022 for github.com/argoproj/argo-cd (Go).
CVE-2022-2306 (High): Insufficient Session Expiration in Nakama. Published Jul 6, 2022 for github.com/heroiclabs/nakama (Go).
CVE-2022-31054 (High): Uses of deprecated API can be used to cause DoS in user-facing endpoints. Published Jun 17, 2022 for github.com/argoproj/argo-events (Go).
CVE-2022-1993 (High): Path Traversal in Git HTTP endpoints in Gogs. Published Jun 8, 2022 for gogs.io/gogs (Go).
CVE-2022-36071 (High): SFTPGo vulnerable to recovery codes abuse. Published Sep 16, 2022 for github.com/drakkan/sftpgo/v2 (Go).
CVE-2022-36049 (High): Helm Controller denial of service. Published Sep 16, 2022 for github.com/fluxcd/flux2 (Go).
CVE-2021-32923 (High): Invalid session token expiration. Published Jun 8, 2021 for github.com/hashicorp/vault (Go).
CVE-2022-23632 (High): Skip the router TLS configuration when the host header is an FQDN. Published Feb 16, 2022 for github.com/traefik/traefik/v2 (Go).
CVE-2022-29153 (High): Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector. Published Apr 20, 2022 for github.com/hashicorp/consul (Go).
CVE-2021-25745 (High): Improper Input Validation in k8s.io/ingress-nginx. Published May 7, 2022 for k8s.io/ingress-nginx (Go).
CVE-2022-30427 (High): Path traversal in ginadmin. Published May 26, 2022 for github.com/gphper/ginadmin (Go).
Advisories are also available from the GraphQL API.