GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
819 advisories
Helm passes repository credentials to alternate domain
Moderate • CVE-2021-32690 was published for helm.sh/helm/v3 (Go) • Jun 23, 2021

Duplicate Advisory: Helm passes repository credentials to alternate domain
Moderate • GHSA-7jr6-prv4-5wf5 was published for helm.sh/helm/v3 (Go) • Jun 23, 2021 • withdrawn

Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Moderate • CVE-2021-21303 was published for helm.sh/helm/v3 (Go) • Jun 23, 2021

Improper network isolation in Hashicorp Nomad
Moderate • CVE-2021-32575 was published for github.com/hashicorp/nomad (Go) • Jun 24, 2021

SQL Injection in gogs.io/gogs
Moderate • CVE-2014-8681 was published for github.com/gogits/gogs (Go) • Jun 29, 2021

Cross-site Scripting in Gogs
Moderate • CVE-2014-8683 was published for gogs.io/gogs (Go) • Jun 29, 2021

Erroneous Proof of Work calculation in geth
Moderate • CVE-2020-26240 was published for github.com/ethereum/go-ethereum (Go) • Jun 29, 2021

Shallow copy bug in geth
Moderate • CVE-2020-26241 was published for github.com/ethereum/go-ethereum (Go) • Jun 29, 2021

Denial of service in geth
Moderate • CVE-2020-26242 was published for github.com/ethereum/go-ethereum (Go) • Jun 29, 2021

Denial of service in github.com/ethereum/go-ethereum
Moderate • CVE-2020-26264 was published for github.com/ethereum/go-ethereum (Go) • Jun 29, 2021

Consensus flaw during block processing in github.com/ethereum/go-ethereum
Moderate • CVE-2020-26265 was published for github.com/ethereum/go-ethereum (Go) • Jun 29, 2021

CRLF vulnerability in Fiber
Moderate • CVE-2020-15111 was published for github.com/gofiber/fiber (Go) • Jun 29, 2021

Cross-site scripting in Dutchcoders transfer.sh
Moderate • CVE-2021-33496 was published for github.com/dutchcoders/transfer.sh (Go) • Jun 29, 2021

Open Redirect in github.com/AndrewBurian/powermux
Moderate • CVE-2021-32721 was published for github.com/AndrewBurian/powermux (Go) • Jul 1, 2021

Buildah processes using chroot isolation may leak environment values to intermediate processes
Moderate • CVE-2021-3602 was published for github.com/containers/buildah (Go) • Jul 19, 2021

Archive package allows chmod of file outside of unpack target directory
Moderate • CVE-2021-32760 was published for github.com/containerd/containerd (Go) • Jul 26, 2021

Incorrect Authorization in HashiCorp Consul
Moderate • CVE-2020-7955 was published for github.com/hashicorp/consul (Go) • Jul 28, 2021

Beego has a file creation race condition
Moderate • CVE-2019-16354 was published for github.com/astaxie/beego (Go) • Aug 2, 2021

Attack on Kubernetes via Misconfigured Argo Workflows
Moderate • GHSA-rc7p-gmvh-xfx2 was published for github.com/argoproj/argo-workflows (Go) • Aug 2, 2021

Header dropping in traefik
Moderate • CVE-2021-32813 was published for github.com/traefik/traefik (Go) • Aug 5, 2021

Workflow re-write vulnerability using input parameter
Moderate • CVE-2021-37914 was published for github.com/argoproj/argo-workflows/v3 (Go) • Aug 9, 2021

Argo Server TLS requests could be forged by attacker with network access
Moderate • GHSA-6c73-2v8x-qpvm was published for github.com/argoproj/argo-workflows/v3 (Go) • Aug 23, 2021

Ethereum Contains Consensus Flaw During Block Processing
Moderate • CVE-2021-39137 was published for github.com/ethereum/go-ethereum (Go) • Aug 30, 2021

Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault
Moderate • CVE-2021-38554 was published for github.com/hashicorp/vault (Go) • Aug 30, 2021