GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,749 advisories
Filter by severity
Stakater Forecastle has a directory traversal vulnerability
High
CVE-2023-40297
was published
for
github.com/stakater/Forecastle
(Go)
May 15, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Moderate
CVE-2024-35183
was published
for
github.com/wolfi-dev/wolfictl
(Go)
May 15, 2024
goreleaser shows environment by default
Moderate
GHSA-f6mm-5fc7-3g3c
was published
for
github.com/goreleaser/goreleaser
(Go)
May 15, 2024
source-controller leaks Azure Storage SAS token into logs
Moderate
CVE-2024-31216
was published
for
github.com/fluxcd/source-controller
(Go)
May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs
Moderate
CVE-2024-3744
was published
for
sigs.k8s.io/azurefile-csi-driver
(Go)
May 15, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Moderate
CVE-2024-35175
was published
for
github.com/tg123/sshpiper
(Go)
May 14, 2024
Grafana folders admin only permission privilege escalation
High
CVE-2022-36062
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Moderate
CVE-2022-39201
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana when using email as a username can block other users from signing in
Moderate
CVE-2022-39229
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Email addresses and usernames can not be trusted
Moderate
CVE-2022-39306
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana User enumeration via forget password
Moderate
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Spoofing originalUrl of snapshots
Moderate
CVE-2022-39324
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Race condition allowing privilege escalation
Critical
CVE-2022-39328
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Escalation from admin to server admin when auth proxy is used
Moderate
CVE-2022-35957
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate
CVE-2022-31130
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Plugin signature bypass
Moderate
CVE-2022-31123
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana account takeover via OAuth vulnerability
High
CVE-2022-31107
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana API IDOR
Moderate
CVE-2022-21713
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Stored Cross-site Scripting in Unified Alerting
High
CVE-2022-31097
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana proxy Cross-site Scripting
Moderate
CVE-2022-21702
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources
Low
CVE-2022-21673
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana directory traversal for .cvs files
Moderate
CVE-2021-43815
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Fine-grained access control vulnerability
Critical
CVE-2021-41244
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
containerd started with non-empty inheritable Linux process capabilities
Low
GHSA-c9cp-9c75-9v8c
was published
for
github.com/containerd/containerd
(Go)
May 14, 2024
NATS server TLS missing ciphersuite settings when CLI flags used
Low
CVE-2021-32026
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API