GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
819 advisories
Filter by severity
Path traversal in Grafana Cortex
Moderate
CVE-2021-36157
was published
for
github.com/cortexproject/cortex
(Go)
Sep 2, 2021
Improper Certificate Handling
Moderate
CVE-2020-9321
was published
for
github.com/traefik/traefik
(Go)
Sep 2, 2021
Path traversal in Grafana Loki
Moderate
CVE-2021-36156
was published
for
github.com/grafana/loki
(Go)
Sep 2, 2021
Incomplete List of Disallowed Inputs in Kubernetes
Moderate
CVE-2021-25737
was published
for
k8s.io/kubernetes
(Go)
Sep 7, 2021
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
Moderate
CVE-2021-38698
was published
for
github.com/hashicorp/consul
(Go)
Sep 8, 2021
Cross-site Scripting in Beego
Moderate
CVE-2021-39391
was published
for
github.com/beego/beego/v2
(Go)
Sep 15, 2021
Confused Deputy in Kubernetes
Moderate
CVE-2020-8561
was published
for
k8s.io/kubernetes
(Go)
Sep 21, 2021
Improperly Implemented path matching for in-toto-golang
Moderate
CVE-2021-41087
was published
for
github.com/in-toto/in-toto-golang
(Go)
Sep 22, 2021
Cross-site Scripting in Mattermost
Moderate
CVE-2021-37860
was published
for
github.com/mattermost/mattermost-server/v5
(Go)
Sep 23, 2021
Cross-site Scripting in Gitea
Moderate
CVE-2021-28378
was published
for
code.gitea.io/gitea
(Go)
Sep 27, 2021
Insufficiently restricted permissions on plugin directories
Moderate
CVE-2021-41103
was published
for
github.com/containerd/containerd
(Go)
Oct 4, 2021
Email relay in Apache Traffic Control
Moderate
CVE-2021-42009
was published
for
github.com/apache/trafficcontrol
(Go)
Oct 13, 2021
Policies not properly enforced in bluemonday
Moderate
CVE-2021-42576
was published
for
github.com/microcosm-cc/bluemonday
(Go)
Oct 19, 2021
Authz Module Non-Determinism
Moderate
CVE-2021-41135
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Oct 21, 2021
Geth Node Vulnerable to DoS via maliciously crafted p2p message
Moderate
CVE-2021-41173
was published
for
github.com/ethereum/go-ethereum
(Go)
Oct 25, 2021
Improper Access Control in github.com/treeverse/lakefs
Moderate
GHSA-m836-gxwq-j2pm
was published
for
github.com/treeverse/lakefs
(Go)
Oct 28, 2021
OIDC claims not updated from Identity Provider in Pomerium
Moderate
CVE-2021-41230
was published
for
github.com/pomerium/pomerium
(Go)
Nov 10, 2021
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Moderate
CVE-2021-22565
was published
for
github.com/google/exposure-notifications-verification-server
(Go)
Nov 10, 2021
Misconfigured IP address field in ROA leads to OctoRPKI crash
Moderate
CVE-2021-3911
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Infinite open connection causes OctoRPKI to hang forever
Moderate
CVE-2021-3909
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Infinite certificate chain depth results in OctoRPKI running forever
Moderate
CVE-2021-3908
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
OctoRPKI crashes when processing GZIP bomb returned via malicious repository
Moderate
CVE-2021-3912
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
Moderate
CVE-2021-3978
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 19, 2021
Broken encryption in EdgeX Foundry
Moderate
CVE-2021-41278
was published
for
github.com/edgexfoundry/app-functions-sdk-go
(Go)
Nov 19, 2021
Denial of Service in Go-Ethereum
Moderate
CVE-2021-43668
was published
for
github.com/ethereum/go-ethereum
(Go)
Nov 23, 2021
ProTip!
Advisories are also available from the
GraphQL API