GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
819 advisories
Filter by severity
github.com/openshift/apiserver-library-go Improper Input Validation vulnerability
Moderate
CVE-2023-0229
was published
for
github.com/openshift/apiserver-library-go
(Go)
Jan 26, 2023
Denial of service via HAMT Decoding Panics
Moderate
CVE-2023-23625
was published
for
github.com/ipfs/go-unixfs
(Go)
Feb 10, 2023
Macaron i18n Open Redirect vulnerability
Moderate
CVE-2020-36627
was published
for
github.com/go-macaron/i18n
(Go)
Dec 25, 2022
golang.org/x/net/http2 vulnerable to possible excessive memory growth
Moderate
CVE-2022-41717
was published
for
golang.org/x/net
(Go)
Dec 8, 2022
Improper use of metav1.Duration allows for Denial of Service
Moderate
CVE-2022-39272
was published
for
github.com/fluxcd/flux2
(Go)
Oct 19, 2022
Insufficient Verification of Proofs generated by the immudb server in client SDK.
Moderate
CVE-2022-36111
was published
for
github.com/codenotary/immudb
(Go)
Nov 21, 2022
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature
Moderate
CVE-2022-36056
was published
for
github.com/sigstore/cosign
(Go)
Sep 16, 2022
Blst vulnerable to incorrect results for some inputs in blst_fp_eucl_inverse function
Moderate
GHSA-x279-68rr-jp4p
was published
for
github.com/supranational/blst
(Go)
Oct 7, 2022
Helm passes repository credentials to alternate domain
Moderate
CVE-2021-32690
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
Policies not properly enforced in bluemonday
Moderate
CVE-2021-42576
was published
for
github.com/microcosm-cc/bluemonday
(Go)
Oct 19, 2021
golang.org/x/sys/unix has Incorrect privilege reporting in syscall
Moderate
CVE-2022-29526
was published
for
golang.org/x/sys
(Go)
Jun 24, 2022
Duplicate Advisory: Helm passes repository credentials to alternate domain
Moderate
GHSA-7jr6-prv4-5wf5
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
•
withdrawn
Cross-site scripting in bluemonday
Moderate
CVE-2021-29272
was published
for
github.com/microcosm-cc/bluemonday
(Go)
May 18, 2021
CBC padding oracle issue in AWS S3 Crypto SDK for golang
Moderate
CVE-2020-8911
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket
Moderate
CVE-2022-24968
was published
for
mellium.im/xmpp
(Go)
Feb 16, 2022
Duplicate Advisory: TLS certificate validation error in mellium.im/xmpp
Moderate
GHSA-m658-p24x-p74r
was published
for
mellium.im/xmpp
(Go)
Feb 12, 2022
•
withdrawn
Grafana Spoofing originalUrl of snapshots
Moderate
CVE-2022-39324
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Incorrect Calculation in github.com/open-policy-agent/opa
Moderate
CVE-2022-23628
was published
for
github.com/open-policy-agent/opa
(Go)
Feb 9, 2022
golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion
Moderate
CVE-2021-31525
was published
for
golang.org/x/net
(Go)
May 24, 2022
dhowden tag panic due to out-of-bounds read
Moderate
CVE-2020-29244
was published
for
github.com/dhowden/tag
(Go)
May 24, 2022
dhowden tag panic due to out-of-bounds read
Moderate
CVE-2020-29243
was published
for
github.com/dhowden/tag
(Go)
May 24, 2022
Denial of Service in dhowden/tag
Moderate
CVE-2020-29242
was published
for
github.com/dhowden/tag
(Go)
Feb 7, 2023
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File
Moderate
CVE-2020-8565
was published
for
k8s.io/client-go
(Go)
Feb 6, 2023
go-saml's XML Digital Signatures use SHA-1
Moderate
CVE-2020-36563
was published
for
github.com/RobotsAndPencils/go-saml
(Go)
Dec 28, 2022
revel is vulnerable to resource exhaustion
Moderate
CVE-2020-36568
was published
for
github.com/revel/revel
(Go)
Dec 28, 2022
ProTip!
Advisories are also available from the
GraphQL API