GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
889 advisories
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC
Moderate: CVE-2021-43784 was published for github.com/opencontainers/runc (Go), Dec 7, 2021

Instance config inline secret exposure in Grafana
Moderate: CVE-2021-41090 was published for github.com/grafana/agent (Go), Dec 8, 2021

Observable Discrepancy in Argo
Moderate: CVE-2020-11576 was published for github.com/argoproj/argo-cd (Go), Dec 9, 2021

Excessive Platform Resource Consumption within a Loop in Kubernetes
Moderate: CVE-2019-11254 was published for github.com/go-yaml/yaml (Go), Dec 20, 2021

Denial of Service in OpenShift Origin
Moderate: CVE-2015-5250 was published for github.com/openshift/origin (Go), Dec 20, 2021

Open Redirect in OAuth2 Proxy
Moderate: CVE-2020-4037 was published for github.com/oauth2-proxy/oauth2-proxy (Go), Dec 20, 2021

The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Moderate: CVE-2020-5233 was published for github.com/oauth2-proxy/oauth2-proxy (Go), Dec 20, 2021

Open Redirect in oauth2_proxy
Moderate: CVE-2017-1000070 was published for github.com/bitly/oauth2_proxy (Go), Dec 20, 2021

Open redirect vulnerability in Sourcegraph
Moderate: CVE-2020-12283 was published for github.com/sourcegraph/sourcegraph (Go), Dec 20, 2021

Denial of Service in TenderMint
Moderate: CVE-2020-15091 was published for github.com/tendermint/tendermint (Go), Dec 20, 2021

Signature verification failure in Tendermint
Moderate: GHSA-f3w5-v9xx-rp8p was published for github.com/tendermint/tendermint (Go), Dec 20, 2021

Information Exposure in RunC
Moderate: CVE-2016-9962 was published for github.com/opencontainers/runc (Go), Dec 20, 2021

Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Moderate: CVE-2021-4024 was published for github.com/containers/podman/v3 (Go), Jan 6, 2022

Subdomain Takeover in Interactsh server
Moderate: CVE-2023-36474 was published for github.com/projectdiscovery/interactsh (Go), Jan 27, 2022

Denial of Service in graphql-go
Moderate: CVE-2022-21708 was published for github.com/graph-gophers/graphql-go (Go), Jan 27, 2022

SQL injection in github.com/navidrome/navidrome
Moderate: CVE-2022-23857 was published for github.com/navidrome/navidrome (Go), Jan 27, 2022

Go-Attestation Improper Input Validation with attacker-controlled TPM Quote
Moderate: CVE-2022-0317 was published for github.com/google/go-attestation (Go), Feb 1, 2022

Command injection in gh-ost
Moderate: CVE-2022-21687 was published for github.com/github/gh-ost (Go), Feb 1, 2022

Limited ability to spoof SAML authentication with missing audience verification in Fleet
Moderate: CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go), Feb 7, 2022

Unverified Ownership in Kubernetes
Moderate: CVE-2020-8554 was published for k8s.io/kubernetes (Go), Feb 8, 2022

Open redirect in Gitea
Moderate: CVE-2021-45328 was published for github.com/go-gitea/gitea (Go), Feb 9, 2022

Gitea displaying raw OpenID error in UI
Moderate: CVE-2021-45325 was published for github.com/go-gitea/gitea (Go), Feb 9, 2022

Incorrect Calculation in github.com/open-policy-agent/opa
Moderate: CVE-2022-23628 was published for github.com/open-policy-agent/opa (Go), Feb 9, 2022

User object created with invalid provider data in GoTrue
Moderate: GHSA-wpfr-6297-9v57 was published for github.com/netlify/gotrue (Go), Feb 9, 2022

Cross-site Scripting in Gitea
Moderate: CVE-2021-45329 was published for github.com/go-gitea/gitea (Go), Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API