GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Advisory counts by ecosystem (GitHub reviewed): all reviewed 5,000+; Composer 3,968; Erlang 29; GitHub Actions 16; Go 1,752; Maven 4,982; npm 3,516; NuGet 609; pip 3,090; Pub 10; RubyGems 832; Rust 782; Swift 34.
Unreviewed advisories: all unreviewed 5,000+.
634 advisories match the current filter (GitHub reviewed, Go ecosystem, High severity); the most recently published are listed below, newest first.
Title | Severity | Identifier | Package (ecosystem) | Published
Improper Authentication in HashiCorp Vault | High | CVE-2021-3282 | github.com/hashicorp/vault (Go) | Jan 31, 2024
Denial of service in HashiCorp Consul | High | CVE-2020-25201 | github.com/hashicorp/consul (Go) | Jan 31, 2024
runc vulnerable to container breakout through process.cwd trickery and leaked fds | High | CVE-2024-21626 | github.com/opencontainers/runc (Go) | Jan 31, 2024
BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts | High | CVE-2024-23651 | github.com/moby/buildkit (Go) | Jan 31, 2024
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability | High | CVE-2023-44313 | github.com/apache/servicecomb-service-center (Go) | Jan 31, 2024
HashiCorp Vault Authentication bypass | High | CVE-2020-16251 | github.com/hashicorp/vault/vault (Go) | Jan 31, 2024
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion | High | CVE-2020-15114 | go.etcd.io/etcd (Go) | Jan 31, 2024
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF | High | CVE-2024-23828 | github.com/0xJacky/Nginx-UI (Go) | Jan 29, 2024
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers | High | CVE-2024-23656 | github.com/dexidp/dex (Go) | Jan 26, 2024
chasquid HTTP Request/Response Smuggling vulnerability | High | CVE-2023-52354 | github.com/albertito/chasquid (Go) | Jan 22, 2024
github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability | High | CVE-2024-22424 | github.com/argoproj/argo-cd (Go) | Jan 19, 2024
Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft | High | GHSA-qr8r-m495-7hc4 | github.com/cometbft/cometbft (Go) | Jan 19, 2024
crystals-go vulnerable to KyberSlash (timing side-channel attack for Kyber) | High | GHSA-f6jh-hvg2-9525 | github.com/kudelskisecurity/crystals-go (Go) | Jan 17, 2024
Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268) | High | CVE-2024-22198 | github.com/0xJacky/Nginx-UI (Go) | Jan 11, 2024
Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269) | High | CVE-2024-22197 | github.com/0xJacky/Nginx-UI (Go) | Jan 11, 2024
Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270) | High | CVE-2024-22196 | github.com/0xJacky/Nginx-UI (Go) | Jan 11, 2024
snapd Race Condition vulnerability | High | CVE-2022-3328 | github.com/snapcore/snapd (Go) | Jan 8, 2024
CIRCL's Kyber: timing side-channel (kyberslash2) | High | GHSA-9763-4f94-gfch | github.com/cloudflare/circl (Go) | Jan 8, 2024
User-provided environment values allow execution on macOS agents | High | GHSA-vfxf-76hv-v4w4 | github.com/gravitational/teleport (Go) | Jan 3, 2024 (withdrawn)
SFTP is possible on the Proxy server for any user with SFTP access | High | GHSA-c9v7-wmwj-vf6x | github.com/gravitational/teleport (Go) | Jan 3, 2024 (withdrawn)
Maliciously crafted Git server replies can cause DoS on go-git clients | High | CVE-2023-49568 | github.com/go-git/go-git/v5 (Go) | Dec 27, 2023
free5GC AMF denial of service vulnerability | High | CVE-2023-49391 | github.com/free5gc/amf (Go) | Dec 22, 2023
Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability | High | CVE-2023-43741 | github.com/buildkite/elastic-ci-stack-for-aws/v6 (Go) | Dec 22, 2023
Buildkite Elastic CI for AWS symbolic link following vulnerability | High | CVE-2023-43116 | github.com/buildkite/elastic-ci-stack-for-aws/v6 (Go) | Dec 22, 2023
Authentication bypass vulnerability in navidrome's subsonic endpoint | High | CVE-2023-51442 | github.com/navidrome/navidrome (Go) | Dec 19, 2023
Advisories are also available from the GraphQL API.
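Added example, written by the editor and not GitHub's own code: a Go program that pulls the same listing (Go ecosystem, High severity) over the GraphQL API and renders it one row per advisory. The query's field names (securityVulnerabilities with ecosystem and severities filters, a nested advisory with ghsaId, identifiers and withdrawnAt) are as the editor recalls the public schema and should be checked against the schema documentation before use; the embedded reply is constructed, with a placeholder GHSA ID and invented timestamps, so the program runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"log"
	"net/http"
	"strings"
	"time"
)

// Query written from the public GitHub GraphQL schema as the author recalls it
// (assumed field names; check https://docs.github.com/graphql before relying on it).
const advisoryQuery = `query($first: Int!) {
  securityVulnerabilities(first: $first, ecosystem: GO, severities: [HIGH]) { nodes {
    severity package { name ecosystem }
    advisory { ghsaId summary publishedAt withdrawnAt identifiers { type value } } } } }`

type advisory struct {
	GhsaID      string                          `json:"ghsaId"`
	Summary     string                          `json:"summary"`
	PublishedAt time.Time                       `json:"publishedAt"`
	WithdrawnAt *time.Time                      `json:"withdrawnAt"` // nil unless withdrawn
	Identifiers []struct{ Type, Value string } `json:"identifiers"`
}
type vulnNode struct {
	Severity string                           `json:"severity"`
	Package  struct{ Name, Ecosystem string } `json:"package"`
	Advisory advisory                         `json:"advisory"`
}
type graphqlResponse struct {
	Data   struct{ SecurityVulnerabilities struct{ Nodes []vulnNode } } `json:"data"`
	Errors []struct{ Message string }                                  `json:"errors"`
}

// parseResponse surfaces GraphQL-level errors, which GitHub returns with HTTP 200.
func parseResponse(r io.Reader) ([]vulnNode, error) {
	var g graphqlResponse
	if err := json.NewDecoder(r).Decode(&g); err != nil {
		return nil, err
	}
	if len(g.Errors) > 0 {
		return nil, fmt.Errorf("graphql: %s", g.Errors[0].Message)
	}
	return g.Data.SecurityVulnerabilities.Nodes, nil
}

// formatEntry renders one row of the listing; withdrawn advisories are flagged.
func formatEntry(n vulnNode) string {
	id := n.Advisory.GhsaID // rows are labelled by CVE when one exists, else by GHSA ID
	for _, i := range n.Advisory.Identifiers {
		if i.Type == "CVE" {
			id = i.Value
		}
	}
	s := fmt.Sprintf("%s (%s): %s for %s (%s), published %s", id, n.Severity,
		n.Advisory.Summary, n.Package.Name, n.Package.Ecosystem,
		n.Advisory.PublishedAt.Format("Jan 2, 2006"))
	if n.Advisory.WithdrawnAt != nil {
		s += " [withdrawn]"
	}
	return s
}

// fetch posts the query with any personal access token (the data is public). Non-200
// replies are rejected first: a 401 body would otherwise decode as an empty listing.
func fetch(token string, first int) ([]vulnNode, error) {
	body, _ := json.Marshal(map[string]interface{}{"query": advisoryQuery, "variables": map[string]int{"first": first}})
	req, err := http.NewRequest("POST", "https://api.github.com/graphql", strings.NewReader(string(body)))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Authorization", "Bearer "+token)
	resp, err := (&http.Client{Timeout: 15 * time.Second}).Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("github: HTTP %d", resp.StatusCode)
	}
	return parseResponse(resp.Body)
}

// Constructed reply (placeholder GHSA ID, invented timestamps) mirroring two rows above.
const sampleResponse = `{"data":{"securityVulnerabilities":{"nodes":[
{"severity":"HIGH","package":{"name":"github.com/opencontainers/runc","ecosystem":"GO"},"advisory":{"ghsaId":"GHSA-xxxx-xxxx-xxxx","summary":"runc vulnerable to container breakout through process.cwd trickery and leaked fds","publishedAt":"2024-01-31T12:00:00Z","withdrawnAt":null,"identifiers":[{"type":"GHSA","value":"GHSA-xxxx-xxxx-xxxx"},{"type":"CVE","value":"CVE-2024-21626"}]}},
{"severity":"HIGH","package":{"name":"github.com/gravitational/teleport","ecosystem":"GO"},"advisory":{"ghsaId":"GHSA-vfxf-76hv-v4w4","summary":"User-provided environment values allow execution on macOS agents","publishedAt":"2024-01-03T12:00:00Z","withdrawnAt":"2024-01-04T12:00:00Z","identifiers":[{"type":"GHSA","value":"GHSA-vfxf-76hv-v4w4"}]}}]}}}`

func main() {
	nodes, err := parseResponse(strings.NewReader(sampleResponse)) // or fetch(token, 25)
	if err != nil {
		log.Fatal(err)
	}
	for _, n := range nodes {
		fmt.Println(formatEntry(n))
	}
}
```

To query live data, replace the parseResponse call in main with fetch(token, 25). Two checks matter in practice: GraphQL errors arrive with HTTP 200 and must be read from the errors array, and a non-200 reply (a 401 for a bad token, say) decodes as an empty listing unless the status is rejected first. Withdrawn advisories, like the two Teleport rows in the listing, still appear in the feed, so withdrawnAt has to be honoured before an entry is raised as a finding.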