GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,752 advisories
Filter by severity
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements
Moderate
CVE-2020-11091
was published
for
github.com/weaveworks/weave
(Go)
May 27, 2021
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Moderate
CVE-2020-5233
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
Argo Server TLS requests could be forged by attacker with network access
Moderate
GHSA-6c73-2v8x-qpvm
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Aug 23, 2021
Improper Authorization in github.com/containers/libpod
High
CVE-2021-20188
was published
for
github.com/containers/libpod
(Go)
May 18, 2021
Improper Certificate Validation in HashiCorp Nomad
High
CVE-2020-7956
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Local directory executable lookup in sops (Windows-only)
Low
GHSA-x5c7-x7m2-rhmf
was published
for
go.mozilla.org/sops/v3
(Go)
May 20, 2021
Improper input validation in umoci
Moderate
CVE-2021-29136
was published
for
github.com/opencontainers/umoci
(Go)
Feb 15, 2022
Symlink Attack in Libcontainer and Docker Engine
Moderate
CVE-2015-3627
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Information Exposure in Docker Engine
High
CVE-2015-3630
was published
for
github.com/moby/moby
(Go)
Feb 15, 2022
Network policy may be bypassed by some ICMP Echo Requests
Low
GHSA-c66w-hq56-4q97
was published
for
github.com/cilium/cilium
(Go)
May 21, 2021
Auth bypass in SAML provider
Critical
GHSA-433w-mm6h-rv9p
was published
for
github.com/netlify/gotrue
(Go)
Jun 23, 2021
Helm OCI credentials leaked into Argo CD logs
Moderate
GHSA-6w87-g839-9wv7
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2021
"catalog's registry v2 api exposed on unauthenticated path in Harbor"
Moderate
CVE-2020-29662
was published
for
github.com/goharbor/harbor
(Go)
Feb 12, 2022
Open Redirect in OAuth2 Proxy
Moderate
CVE-2020-4037
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
GitLab auth uses full name instead of username as user ID, allowing impersonation
Critical
CVE-2020-5415
was published
for
github.com/concourse/concourse
(Go)
Dec 20, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network
Moderate
GHSA-6rg3-8h8x-5xfv
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
Clarify `mediaType` handling
Low
GHSA-77vh-xpmg-72qh
was published
for
github.com/opencontainers/image-spec
(Go)
Nov 18, 2021
Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme
Critical
GHSA-gp6j-vx54-5pmf
was published
for
github.com/keep-network/keep-ecdsa
(Go)
Jan 6, 2022
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints
High
GHSA-m7vp-hqwv-7m5x
was published
for
github.com/spiffe/spire
(Go)
Jan 12, 2022
User object created with invalid provider data in GoTrue
Moderate
GHSA-wpfr-6297-9v57
was published
for
github.com/netlify/gotrue
(Go)
Feb 9, 2022
Possible filesystem space exhaustion by local users
Moderate
GHSA-chxf-fjcf-7fwp
was published
for
github.com/google/fscrypt
(Go)
Mar 1, 2022
Multiple security issues in Pomerium's embedded envoy
Moderate
GHSA-j34v-3552-5r7j
was published
for
github.com/pomerium/pomerium
(Go)
Mar 1, 2022
Improper random number generation in github.com/coredns/coredns
Moderate
GHSA-gv9j-4w24-q7vx
was published
for
github.com/coredns/coredns
(Go)
Mar 1, 2022
Denial of service via insufficient metadata validation
Moderate
GHSA-p93v-m2r2-4387
was published
for
github.com/google/fscrypt
(Go)
Mar 1, 2022
Possible privilege escalation via bash completion script
Moderate
GHSA-w4f8-fxq2-j35v
was published
for
github.com/google/fscrypt
(Go)
Mar 1, 2022
ProTip!
Advisories are also available from the
GraphQL API