GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
634 advisories
Filter by severity
Integer Overflow in go-jose
High
CVE-2016-9123
was published
for
github.com/square/go-jose
(Go)
Jun 23, 2021
Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures
High
GHSA-gq5r-cc4w-g8xf
was published
for
github.com/russellhaering/gosaml2
(Go)
Jun 23, 2021
•
withdrawn
Path traversal in github.com/ipfs/go-ipfs
High
CVE-2020-26279
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Hugo can execute a binary from the current directory on Windows
High
CVE-2020-26284
was published
for
github.com/gohugoio/hugo
(Go)
Jun 23, 2021
Denial of service in GJSON
High
CVE-2020-35380
was published
for
github.com/tidwall/gjson
(Go)
Jun 23, 2021
Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin
High
CVE-2020-28483
was published
for
github.com/gin-gonic/gin
(Go)
Jun 23, 2021
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
High
GHSA-qvp4-rpmr-xwrr
was published
for
github.com/ory/oathkeeper
(Go)
Jun 23, 2021
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
High
CVE-2020-7919
was published
for
github.com/helm/helm
(Go)
Jun 23, 2021
Incorrect Authorization in ORY Oathkeeper
High
CVE-2021-32701
was published
for
github.com/ory/oathkeeper
(Go)
Jun 24, 2021
Improper Privilege Management in HashiCorp Nomad
High
CVE-2021-3283
was published
for
github.com/hashicorp/nomad
(Go)
Jun 24, 2021
Go Ethereum Denial of Service
High
CVE-2018-19184
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Incorrect Default Permissions in Binance tss-lib
High
CVE-2020-12118
was published
for
github.com/binance-chain/tss-lib
(Go)
Jun 29, 2021
Denial of Service in miekg-dns
High
CVE-2017-15133
was published
for
github.com/miekg/dns
(Go)
Jun 29, 2021
Hashicorp Consul Missing SSL Certificate Validation
High
CVE-2021-32574
was published
for
github.com/hashicorp/consul
(Go)
Jul 19, 2021
HashiCorp Consul L7 deny intention results in an allow action
High
CVE-2021-36213
was published
for
github.com/hashicorp/consul
(Go)
Jul 19, 2021
Argo CD Insecure default administrative password
High
CVE-2020-8828
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 26, 2021
Improper Restriction of Excessive Authentication Attempts in Argo API
High
CVE-2020-8827
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 26, 2021
github.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion
High
CVE-2021-23409
was published
for
github.com/pires/go-proxyproto
(Go)
Jul 26, 2021
Improper Resource Shutdown or Release in HashiCorp Vault
High
CVE-2020-7220
was published
for
github.com/hashicorp/vault
(Go)
Jul 28, 2021
Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault
High
CVE-2020-16250
was published
for
github.com/hashicorp/vault
(Go)
Aug 2, 2021
Authorization Policy Bypass Due to Case Insensitive Host Comparison
High
CVE-2021-39155
was published
for
istio.io/istio
(Go)
Aug 30, 2021
Istio Fragments in Path May Lead to Authorization Policy Bypass
High
CVE-2021-39156
was published
for
istio.io/istio
(Go)
Aug 30, 2021
ExternalName Services can be used to gain access to Envoy's admin interface
High
CVE-2021-32783
was published
for
github.com/projectcontour/contour
(Go)
Aug 30, 2021
Path traversal in ServiceCenter
High
CVE-2021-21501
was published
for
github.com/apache/servicecomb-service-center
(Go)
Sep 1, 2021
ProTip!
Advisories are also available from the
GraphQL API