GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
885 advisories
Filter by severity
Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer
Moderate
CVE-2020-26277
was published
for
github.com/datacharmer/dbdeployer
(Go)
Feb 12, 2022
"catalog's registry v2 api exposed on unauthenticated path in Harbor"
Moderate
CVE-2020-29662
was published
for
github.com/goharbor/harbor
(Go)
Feb 12, 2022
Duplicate Advisory: TLS certificate validation error in mellium.im/xmpp
Moderate
GHSA-m658-p24x-p74r
was published
for
mellium.im/xmpp
(Go)
Feb 12, 2022
•
withdrawn
GitHub CLI can execute a git binary from the current directory
Moderate
GHSA-fqfh-778m-2v32
was published
for
github.com/cli/cli
(Go)
Feb 11, 2022
containerd v1.2.x can be coerced into leaking credentials during image pull
Moderate
CVE-2020-15157
was published
for
github.com/containerd/containerd
(Go)
Feb 11, 2022
CBC padding oracle issue in AWS S3 Crypto SDK for golang
Moderate
CVE-2020-8911
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
Unencrypted md5 plaintext hash in metadata in AWS S3 Crypto SDK for golang
Moderate
GHSA-76wf-9vgp-pj7w
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
Traefik vulnerable to Open Redirect via handling of X-Forwarded-Prefix header
Moderate
CVE-2020-15129
was published
for
github.com/containous/traefik
(Go)
Feb 11, 2022
Unauthenticated users can exploit an enumeration vulnerability in Harbor (CVE-2019-19030)
Moderate
CVE-2019-19030
was published
for
github.com/goharbor/harbor
(Go)
Feb 11, 2022
Incorrect Permission Assignment for Critical Resource in CRI-O
Moderate
CVE-2022-0532
was published
for
github.com/cri-o/cri-o
(Go)
Feb 11, 2022
Cross-site Scripting in Gitea
Moderate
CVE-2021-45329
was published
for
github.com/go-gitea/gitea
(Go)
Feb 10, 2022
User object created with invalid provider data in GoTrue
Moderate
GHSA-wpfr-6297-9v57
was published
for
github.com/netlify/gotrue
(Go)
Feb 9, 2022
Incorrect Calculation in github.com/open-policy-agent/opa
Moderate
CVE-2022-23628
was published
for
github.com/open-policy-agent/opa
(Go)
Feb 9, 2022
Gitea displaying raw OpenID error in UI
Moderate
CVE-2021-45325
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Open redirect in Gitea
Moderate
CVE-2021-45328
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Unverified Ownership in Kubernetes
Moderate
CVE-2020-8554
was published
for
k8s.io/kubernetes
(Go)
Feb 8, 2022
Limited ability to spoof SAML authentication with missing audience verification in Fleet
Moderate
CVE-2022-23600
was published
for
github.com/fleetdm/fleet/v4
(Go)
Feb 7, 2022
Command injection in gh-ost
Moderate
CVE-2022-21687
was published
for
github.com/github/gh-ost
(Go)
Feb 1, 2022
Go-Attestation Improper Input Validation with attacker-controlled TPM Quote
Moderate
CVE-2022-0317
was published
for
github.com/google/go-attestation
(Go)
Feb 1, 2022
SQL injection in github.com/navidrome/navidrome
Moderate
CVE-2022-23857
was published
for
github.com/navidrome/navidrome
(Go)
Jan 27, 2022
Denial of Service in graphql-go
Moderate
CVE-2022-21708
was published
for
github.com/graph-gophers/graphql-go
(Go)
Jan 27, 2022
Subdomain Takeover in Interactsh server
Moderate
CVE-2023-36474
was published
for
github.com/projectdiscovery/interactsh
(Go)
Jan 27, 2022
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Moderate
CVE-2021-4024
was published
for
github.com/containers/podman/v3
(Go)
Jan 6, 2022
Information Exposure in RunC
Moderate
CVE-2016-9962
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Signature verification failure in Tendermint
Moderate
GHSA-f3w5-v9xx-rp8p
was published
for
github.com/tendermint/tendermint
(Go)
Dec 20, 2021
ProTip!
Advisories are also available from the
GraphQL API