Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

819 advisories

Loading
github.com/openshift/apiserver-library-go Improper Input Validation vulnerability Moderate
CVE-2023-0229 was published for github.com/openshift/apiserver-library-go (Go) Jan 26, 2023
Denial of service via HAMT Decoding Panics Moderate
CVE-2023-23625 was published for github.com/ipfs/go-unixfs (Go) Feb 10, 2023
Jorropo
Macaron i18n Open Redirect vulnerability Moderate
CVE-2020-36627 was published for github.com/go-macaron/i18n (Go) Dec 25, 2022
golang.org/x/net/http2 vulnerable to possible excessive memory growth Moderate
CVE-2022-41717 was published for golang.org/x/net (Go) Dec 8, 2022
westonsteimel
Improper use of metav1.Duration allows for Denial of Service Moderate
CVE-2022-39272 was published for github.com/fluxcd/flux2 (Go) Oct 19, 2022
codablock
Insufficient Verification of Proofs generated by the immudb server in client SDK. Moderate
CVE-2022-36111 was published for github.com/codenotary/immudb (Go) Nov 21, 2022
Cosign bundle can be crafted to successfully verify a blob even if the embedded rekorBundle does not reference the given signature Moderate
CVE-2022-36056 was published for github.com/sigstore/cosign (Go) Sep 16, 2022
codysoyland asraa
haydentherapper
Blst vulnerable to incorrect results for some inputs in blst_fp_eucl_inverse function Moderate
GHSA-x279-68rr-jp4p was published for github.com/supranational/blst (Go) Oct 7, 2022
guidovranken
Helm passes repository credentials to alternate domain Moderate
CVE-2021-32690 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
Policies not properly enforced in bluemonday Moderate
CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) Oct 19, 2021
golang.org/x/sys/unix has Incorrect privilege reporting in syscall Moderate
CVE-2022-29526 was published for golang.org/x/sys (Go) Jun 24, 2022
Duplicate Advisory: Helm passes repository credentials to alternate domain Moderate
GHSA-7jr6-prv4-5wf5 was published for helm.sh/helm/v3 (Go) Jun 23, 2021 withdrawn
Cross-site scripting in bluemonday Moderate
CVE-2021-29272 was published for github.com/microcosm-cc/bluemonday (Go) May 18, 2021
CBC padding oracle issue in AWS S3 Crypto SDK for golang Moderate
CVE-2020-8911 was published for github.com/aws/aws-sdk-go (Go) Feb 11, 2022
sophieschmieg
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket Moderate
CVE-2022-24968 was published for mellium.im/xmpp (Go) Feb 16, 2022
moparisthebest
Duplicate Advisory: TLS certificate validation error in mellium.im/xmpp Moderate
GHSA-m658-p24x-p74r was published for mellium.im/xmpp (Go) Feb 12, 2022 withdrawn
Grafana Spoofing originalUrl of snapshots Moderate
CVE-2022-39324 was published for github.com/grafana/grafana (Go) May 14, 2024
r3kumar
Incorrect Calculation in github.com/open-policy-agent/opa Moderate
CVE-2022-23628 was published for github.com/open-policy-agent/opa (Go) Feb 9, 2022
johanneslarsson
golang.org/x/net/http/httpguts vulnerable to Uncontrolled Recursion Moderate
CVE-2021-31525 was published for golang.org/x/net (Go) May 24, 2022
dhowden tag panic due to out-of-bounds read Moderate
CVE-2020-29244 was published for github.com/dhowden/tag (Go) May 24, 2022
dhowden tag panic due to out-of-bounds read Moderate
CVE-2020-29243 was published for github.com/dhowden/tag (Go) May 24, 2022
Denial of Service in dhowden/tag Moderate
CVE-2020-29242 was published for github.com/dhowden/tag (Go) Feb 7, 2023
Kubernetes client-go vulnerable to Sensitive Information Leak via Log File Moderate
CVE-2020-8565 was published for k8s.io/client-go (Go) Feb 6, 2023
go-saml's XML Digital Signatures use SHA-1 Moderate
CVE-2020-36563 was published for github.com/RobotsAndPencils/go-saml (Go) Dec 28, 2022
revel is vulnerable to resource exhaustion Moderate
CVE-2020-36568 was published for github.com/revel/revel (Go) Dec 28, 2022
ProTip! Advisories are also available from the GraphQL API