GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,752 advisories
SSRF in repository migration
Moderate | GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) | Mar 14, 2022

Sysctls applied to containers with host IPC or host network namespaces can affect the host
Moderate | GHSA-w2j5-3rcx-vx7x was published for github.com/cri-o/cri-o (Go) | Mar 15, 2022

Opened exploitable ports in default docker-compose.yaml in go-ipfs
Moderate | GHSA-fx5p-f64h-93xc was published for github.com/ipfs/go-ipfs (Go) | Apr 4, 2022

Daemon panics when processing certain blocks
High | GHSA-mcq2-w56r-5w2w was published for github.com/ipld/go-ipfs (Go) | Apr 8, 2022

Cross site scripting via cookies in gogs
Low | GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) | Jun 2, 2022

GitHub CLI can execute a git binary from the current directory
Moderate | GHSA-fqfh-778m-2v32 was published for github.com/cli/cli (Go) | Feb 11, 2022

Arbitrary File Write via Archive Extraction in mholt/archiver
Moderate | CVE-2018-1002207 was published for github.com/mholt/archiver (Go) | Feb 15, 2022

nftables binding to an already bound chain
Moderate | GHSA-jr8j-2jhp-m67v was published for github.com/siderolabs/talos (Go) | Sep 16, 2022

Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM
High | GHSA-34vw-m4rh-r36p was published for github.com/talos-systems/talos (Go) | Sep 16, 2022

Path traversal in u-root
High | CVE-2020-7665 was published for github.com/u-root/u-root (Go) | May 18, 2021

Ignition config accessible to unprivileged software on VMware
Moderate | CVE-2022-1706 was published for github.com/coreos/ignition (Go) | May 25, 2022

DOS and excessive memory usage when passing untrusted user input to dag import
Moderate | GHSA-f2gr-7299-487h was published for github.com/ipfs/go-ipfs (Go) | Jul 6, 2022

Cilium host policy bypass in endpoint-routes mode with dual-stack
Low | GHSA-wc5v-r48v-g4vh was published for github.com/cilium/cilium (Go) | Jul 15, 2022

personnummer/go vulnerable to Improper Input Validation
Low | GHSA-hv53-vf5m-8q94 was published for github.com/personnummer/go (Go) | Feb 11, 2022

etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery
Low | GHSA-9gp7-6833-wv89 was published for go.etcd.io/etcd/client/v3 (Go) | Oct 6, 2022

etcd vulnerable to TOCTOU of gateway endpoint authentication
Low | GHSA-h8g9-6gvh-5mrc was published for go.etcd.io/etcd/v3 (Go) | Oct 6, 2022

kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF)
Moderate | GHSA-47xh-qxqv-mgvg was published for github.com/mittwald/kube-httpcache (Go) | Dec 2, 2022

Network Policies & (Clusterwide) Cilium Network Policies with namespace label selectors may unexpectedly select pods with maliciously crafted labels
Moderate | GHSA-pfhr-pccp-hwmh was published for github.com/cilium/cilium (Go) | Aug 30, 2022

Execution Control List (ECL) Is Insecure in Singularity
High | CVE-2020-13845 was published for github.com/sylabs/singularity (Go) | Dec 20, 2021

"Verify All" Returns Success Despite Validation Failures in Singularity
High | CVE-2020-13846 was published for github.com/sylabs/singularity (Go) | Dec 20, 2021

Bloom Uncontrolled Search Path Element vulnerability
High | CVE-2023-0247 was published for github.com/bits-and-blooms/bloom (Go) | Jan 12, 2023

usememos/memos vulnerable to improper access control
Moderate | CVE-2022-4685 was published for github.com/usememos/memos (Go) | Dec 23, 2022

Zitadel RefreshToken invalidation vulnerability
Moderate | CVE-2023-22492 was published for github.com/zitadel/zitadel (Go) | Jan 11, 2023

Rancher generated tokens not revoked after modifications made to authentication provider
High | GHSA-c45c-39f6-6gw9 was published for github.com/rancher/rancher (Go) | Jan 25, 2023

ProTip! Advisories are also available from the GraphQL API