GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
885 advisories
Incorrect Default Permissions in CRI-O
Moderate | CVE-2022-27652 was published for github.com/cri-o/cri-o (Go) | Apr 22, 2022

Improper Certificate Handling
Moderate | CVE-2020-9321 was published for github.com/traefik/traefik (Go) | Sep 2, 2021

Gophish before 0.12.0 vulnerable to Open Redirect
Moderate | CVE-2022-25295 was published for github.com/gophish/gophish (Go) | Sep 12, 2022

Duplicate advisory: Configuration exposure in github.com/coreos/ignition
Moderate | GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go) | May 18, 2022 | withdrawn

Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault
Moderate | CVE-2021-38554 was published for github.com/hashicorp/vault (Go) | Aug 30, 2021

Smokescreen SSRF via deny list bypass (square brackets)
Moderate | CVE-2022-29188 was published for github.com/stripe/smokescreen (Go) | May 24, 2022

Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
Moderate | CVE-2020-15129 was published for github.com/containous/traefik (Go) | Feb 11, 2022

Uncontrolled Resource Consumption in Mattermost server
Moderate | CVE-2022-1982 was published for github.com/mattermost/mattermost-server (Go) | Jun 3, 2022

DoS via malicious p2p message in Go Ethereum
Moderate | CVE-2022-29177 was published for github.com/ethereum/go-ethereum (Go) | May 24, 2022

Ill-formed headers may lead to unexpected behavior in Istio
Moderate | CVE-2022-31045 was published for istio.io/istio (Go) | Jun 10, 2022

mm-wiki is vulnerable to Cross-Site Scripting (XSS)
Moderate | CVE-2021-40289 was published for github.com/phachon/mm-wiki (Go) | Nov 10, 2022

Cross-site Scripting vulnerability in repository issue list in Gogs
Moderate | CVE-2022-31038 was published for gogs.io/gogs (Go) | Jun 8, 2022

Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users
Moderate | CVE-2022-31066 was published for github.com/edgexfoundry/app-functions-sdk-go/v2 (Go) | Jun 17, 2022

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Moderate | CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) | Jun 21, 2022

CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server
Moderate | CVE-2022-31077 was published for github.com/kubeedge/kubeedge (Go) | Jun 25, 2022

CloudCore UDS Server: Malicious Message can crash CloudCore
Moderate | CVE-2022-31076 was published for github.com/kubeedge/kubeedge (Go) | Jun 25, 2022

KubeEdge Cloud AdmissionController component DoS
Moderate | CVE-2022-31074 was published for github.com/kubeedge/kubeedge (Go) | Jul 11, 2022

Nomad Panics On Job Submission With Bad Artifact Stanza Source URL
Moderate | CVE-2022-41606 was published for github.com/hashicorp/nomad (Go) | Oct 12, 2022

Mattermost users could access some sensitive information via API call
Moderate | CVE-2022-2401 was published for github.com/mattermost/mattermost-server/v6 (Go) | Jul 15, 2022

Go Ethereum allows attackers to use manipulation of time-difference values to achieve replacement of main-chain blocks
Moderate | CVE-2022-37450 was published for github.com/ethereum/go-ethereum (Go) | Aug 6, 2022

Insecure cookies in Openshift Origin
Moderate | CVE-2015-3207 was published for github.com/openshift/origin (Go) | Jul 8, 2022

KubeEdge Edge ServiceBus module DoS
Moderate | CVE-2022-31073 was published for github.com/kubeedge/kubeedge (Go) | Jul 11, 2022

Dutchcoders transfer.sh contains an XSS vulnerability via malicious file upload
Moderate | CVE-2022-40931 was published for github.com/dutchcoders/transfer.sh (Go) | Sep 30, 2022

Bytebase does not restrict low privilege user to access admin issues
Moderate | CVE-2022-32169 was published for github.com/bytebase/bytebase (Go) | Sep 29, 2022

etcd has no minimum password length
Moderate | CVE-2020-15115 was published for go.etcd.io/etcd/client/v3 (Go) | Oct 6, 2022

ProTip! Advisories are also available from the GraphQL API.