GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
885 advisories
go-retryablehttp can leak basic auth credentials to log files
Moderate. CVE-2024-6104 was published for github.com/hashicorp/go-retryablehttp (Go) on Jun 24, 2024.
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Moderate. CVE-2024-38359 was published for github.com/lightningnetwork/lnd (Go) on Jun 20, 2024.
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability
Moderate. GHSA-rvj4-q8q5-8grf was published for github.com/traefik/traefik/v2 (Go) on Jun 20, 2024.
SFTPGo has insufficient access control for password reset
Moderate. CVE-2024-37897 was published for github.com/drakkan/sftpgo/v2 (Go) on Jun 20, 2024.
PocketBase performs password auth and OAuth2 unverified email linking
Moderate. CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) on Jun 18, 2024.
Minder affected by denial of service from maliciously configured Git repository
Moderate. CVE-2024-37904 was published for github.com/stacklok/minder (Go) on Jun 18, 2024.
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Moderate. CVE-2024-22032 was published for github.com/rancher/rancher (Go) on Jun 17, 2024.
Rancher's External RoleTemplates can lead to privilege escalation
Moderate. CVE-2023-32196 was published for github.com/rancher/rancher (Go) on Jun 17, 2024.
gqlparser denial of service vulnerability via the parserDirectives function
Moderate. CVE-2023-49559 was published for github.com/vektah/gqlparser (Go) on Jun 12, 2024.
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
Moderate. GHSA-7jmw-8259-q9jx was published for github.com/traefik/traefik (Go) on Jun 11, 2024.
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Moderate. CVE-2024-35255 was published for @azure/identity (Go) on Jun 11, 2024.
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing
Moderate. GHSA-xmmx-7jpf-fx42 was published for github.com/docker/docker (Go) on Jun 10, 2024.
Docker CLI leaks private registry credentials to registry-1.docker.io
Moderate. CVE-2021-41092 was published for github.com/docker/cli (Go) on Jun 10, 2024.
Unauthenticated Access to sensitive settings in Argo CD
Moderate. CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) on Jun 6, 2024.
Evmos allows unvested token delegations
Moderate. CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) on Jun 6, 2024.
Argo-cd authenticated users can enumerate clusters by name
Moderate. CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) on Jun 6, 2024.
Open Redirect URL in Harbor
Moderate. CVE-2024-22244 was published for github.com/goharbor/harbor (Go) on Jun 2, 2024.
Ollama does not validate the format of the digest (sha256 with 64 hex digits)
Moderate. CVE-2024-37032 was published for github.com/ollama/ollama (Go) on May 31, 2024.
MinIO information disclosure vulnerability
Moderate. CVE-2024-36107 was published for github.com/minio/minio (Go) on May 29, 2024.
Denial of service of Minder Server from maliciously crafted GitHub attestations
Moderate. CVE-2024-35238 was published for github.com/stacklok/minder (Go) on May 28, 2024.
Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop
Moderate. GHSA-f7cq-5v43-8pwp was published for github.com/traefik/traefik (Go) on May 23, 2024.
Dapr API Token Exposure
Moderate. CVE-2024-35223 was published for github.com/dapr/dapr (Go) on May 22, 2024.
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability
Moderate. GHSA-qjcv-rx3v-7mvj was published for github.com/cosmos/ibc-go (Go) on May 20, 2024.
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Moderate. CVE-2024-35194 was published for github.com/stacklok/minder (Go) on May 20, 2024.
Trivy possibly leaks registry credential when scanning images from malicious registries
Moderate. CVE-2024-35192 was published for github.com/aquasecurity/trivy (Go) on May 20, 2024.
ProTip! Advisories are also available from the GraphQL API.