GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
819 advisories
Bytebase does not restrict low privilege user to access admin issues
Moderate | CVE-2022-32169 was published for github.com/bytebase/bytebase (Go) | Sep 29, 2022

etcd has no minimum password length
Moderate | CVE-2020-15115 was published for go.etcd.io/etcd/client/v3 (Go) | Oct 6, 2022

Moby supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Moderate | CVE-2022-36109 was published for github.com/moby/moby (Go) | Sep 16, 2022

ouqiang gocron Cross-site scripting vulnerability
Moderate | CVE-2022-40365 was published for github.com/ouqiang/gocron (Go) | Sep 15, 2022

usememos/memos vulnerable to stored Cross-site Scripting
Moderate | CVE-2023-0111 was published for github.com/usememos/memos (Go) | Jan 7, 2023

usememos/memos vulnerable to stored Cross-site Scripting
Moderate | CVE-2023-0110 was published for github.com/usememos/memos (Go) | Jan 7, 2023

usememos/memos vulnerable to stored Cross-site Scripting
Moderate | CVE-2023-0112 was published for github.com/usememos/memos (Go) | Jan 7, 2023

usememos/memos vulnerable to stored Cross-site Scripting
Moderate | CVE-2023-0106 was published for github.com/usememos/memos (Go) | Jan 7, 2023

usememos/memos vulnerable to stored Cross-site Scripting
Moderate | CVE-2023-0107 was published for github.com/usememos/memos (Go) | Jan 7, 2023

usememos/memos vulnerable to stored Cross-site Scripting
Moderate | CVE-2023-0108 was published for github.com/usememos/memos (Go) | Jan 7, 2023

Echo vulnerable to directory traversal
Moderate | CVE-2020-36565 was published for github.com/labstack/echo/v4 (Go) | Dec 7, 2022

Traefik routes exposed with an empty TLSOption
Moderate | CVE-2022-46153 was published for github.com/traefik/traefik/v2 (Go) | Dec 8, 2022

HashiCorp Vault improper configuration of multi factor authentication
Moderate | CVE-2022-30689 was published for github.com/hashicorp/vault (Go) | May 18, 2022

Pinniped Supervisor Insufficient Session Expiration vulnerability
Moderate | CVE-2022-31677 was published for go.pinniped.dev (Go) | Sep 1, 2022

Denial of service in Mattermost
Moderate | CVE-2022-4044 was published for github.com/mattermost/mattermost-server (Go) | Nov 23, 2022

Denial of service in Mattermost
Moderate | CVE-2022-4045 was published for github.com/mattermost/mattermost-server (Go) | Nov 23, 2022

gotify/server vulnerable to Cross-site Scripting in the application image file upload
Moderate | CVE-2022-46181 was published for github.com/gotify/server (Go) | Dec 30, 2022

Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Moderate | CVE-2021-22565 was published for github.com/google/exposure-notifications-verification-server (Go) | Nov 10, 2021

Unverified Ownership in Kubernetes
Moderate | CVE-2020-8554 was published for k8s.io/kubernetes (Go) | Feb 8, 2022

Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Moderate | CVE-2021-32699 was published for github.com/pterodactyl/wings (Go) | Jun 23, 2021

AAD Pod Identity obtaining token with backslash
Moderate | CVE-2022-23551 was published for github.com/Azure/aad-pod-identity (Go) | Dec 21, 2022

HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers
Moderate | CVE-2022-24687 was published for github.com/hashicorp/consul (Go) | Feb 25, 2022

Stored Cross-site Scripting in gitea
Moderate | CVE-2022-1928 was published for code.gitea.io/gitea (Go) | May 30, 2022

Kiali Authentication Bypass vulnerability
Moderate | CVE-2021-20278 was published for github.com/kiali/kiali (Go) | Jun 1, 2021

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
Moderate | CVE-2021-38698 was published for github.com/hashicorp/consul (Go) | Sep 8, 2021
ProTip! Advisories are also available from the GraphQL API.