GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
178 advisories
Filter by severity
Arbitrary code execution due to an uncontrolled search path for the git binary
Critical
CVE-2021-28955
was published
for
github.com/MichaelMure/git-bug
(Go)
May 25, 2021
Grafana Authentication Bypass
Critical
CVE-2018-15727
was published
for
github.com/grafana/grafana
(Go)
Feb 15, 2022
Hashicorp Nomad Access Control Issues
Critical
CVE-2019-12618
was published
for
github.com/hashicorp/nomad
(Go)
May 24, 2022
Improper Authentication in Apache Traffic Control
Critical
CVE-2019-12405
was published
for
github.com/apache/trafficcontrol
(Go)
May 18, 2021
SQL Injection in Couchbase Sync Gateway
Critical
CVE-2019-9039
was published
for
github.com/couchbase/sync_gateway
(Go)
Feb 15, 2022
Kubernetes Privilege Escalation
Critical
CVE-2017-1000056
was published
for
k8s.io/kubernetes
(Go)
May 12, 2021
Reuse of one time passwords allowed in Gitea
Critical
CVE-2021-45331
was published
for
code.gitea.io/gitea
(Go)
Feb 10, 2022
Gitea Remote Code Execution (RCE)
Critical
CVE-2018-18926
was published
for
code.gitea.io/gitea
(Go)
Feb 15, 2022
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Critical
GHSA-h24c-6p6p-m3vx
was published
for
github.com/bnb-chain/tss-lib
(Go)
Sep 1, 2023
tar-utils Path Traversal vulnerability
Critical
CVE-2020-36566
was published
for
github.com/whyrusleeping/tar-utils
(Go)
Dec 28, 2022
Unzip vulnerable to path traversal
Critical
CVE-2020-36561
was published
for
github.com/yi-ge/unzip
(Go)
Dec 28, 2022
Skipper vulnerable to SSRF via X-Skipper-Proxy
Critical
CVE-2022-38580
was published
for
github.com/zalando/skipper
(Go)
Oct 25, 2022
Labstack Echo Open Redirect vulnerability
Critical
CVE-2022-40083
was published
for
github.com/labstack/echo/v4
(Go)
Sep 29, 2022
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption
Critical
CVE-2021-4236
was published
for
github.com/ecnepsnai/web
(Go)
Dec 28, 2022
Access control bypass in beego
Critical
CVE-2022-31259
was published
for
github.com/beego/beego
(Go)
May 22, 2022
Path Traversal in Beego
Critical
CVE-2022-31836
was published
for
github.com/beego/beego
(Go)
Jul 6, 2022
go-unzip vulnerable to Path Traversal
Critical
CVE-2020-36560
was published
for
github.com/artdarek/go-unzip
(Go)
Dec 28, 2022
EnvoyProxy Envoy Missing HTTP URL path normalization
Critical
CVE-2019-9901
was published
for
github.com/envoyproxy/envoy
(Go)
May 24, 2022
Casdoor arbitrary file write vulnerability
Critical
CVE-2022-38638
was published
for
github.com/casdoor/casdoor
(Go)
Sep 10, 2022
KubeView vulnerable to full cluster takeover due to improper authentication
Critical
CVE-2022-45933
was published
for
github.com/benc-uk/kubeview
(Go)
Nov 27, 2022
Helm Improper Certificate Validation
Critical
CVE-2019-1010275
was published
for
helm.sh/helm
(Go)
May 24, 2022
glot-code-runner RCE
Critical
CVE-2018-15747
was published
for
github.com/prasmussen/glot-code-runner
(Go)
May 24, 2022
gitjacker arbitrary code execution
Critical
CVE-2021-29417
was published
for
github.com/liamg/gitjacker
(Go)
May 24, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
ProTip!
Advisories are also available from the
GraphQL API