Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

695 advisories

Loading
Panic when parsing invalid palette-color images in golang.org/x/image High
CVE-2024-24792 was published for golang.org/x/image (Go) Jun 26, 2024
Beego privilege escalation vulnerability High
CVE-2024-40465 was published for github.com/beego/beego/v2 (Go) Jul 31, 2024
gRPC-Go HTTP/2 Rapid Reset vulnerability High
GHSA-m425-mq94-257g was published for google.golang.org/grpc (Go) Oct 25, 2023
atgreen
Withdrawn Advisory: User-provided environment values allow execution on macOS agents High
GHSA-vfxf-76hv-v4w4 was published for github.com/gravitational/teleport (Go) Jan 3, 2024 withdrawn
Tener jentfoo
lukas-braune
Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access High
GHSA-c9v7-wmwj-vf6x was published for github.com/gravitational/teleport (Go) Jan 3, 2024 withdrawn
Tener
Docker Authentication Bypass High
CVE-2018-12608 was published for github.com/docker/docker (Go) Jan 31, 2024
neersighted
Information Exposure in Docker Engine High
CVE-2015-3630 was published for github.com/docker/docker (Go) Feb 15, 2022
neersighted
Potential memory exhaustion attack due to sparse slice deserialization High
CVE-2024-37298 was published for github.com/gorilla/schema (Go) Jul 1, 2024
AlexVasiluta
piraeus-operator allows attacker to impersonate service account High
CVE-2024-33398 was published for github.com/piraeusdatastore/piraeus-operator/v2 (Go) May 3, 2024
Opencontainers runc Incorrect Authorization vulnerability High
CVE-2023-27561 was published for github.com/opencontainers/runc (Go) Mar 3, 2023
AkihiroSuda
karmada vulnerable to arbitrary code execution via a crafted command High
CVE-2024-33396 was published for github.com/karmada-io/karmada (Go) May 2, 2024
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation High
CVE-2024-6257 was published for github.com/hashicorp/go-getter (Go) Jun 25, 2024
Cilium leaks sensitive information in cilium-bugtool High
CVE-2024-37307 was published for github.com/cilium/cilium (Go) Jun 13, 2024
sayboras
go-grpc-compression has a zstd decompression bombing vulnerability High
GHSA-87m9-rv8p-rgmg was published for github.com/mostynb/go-grpc-compression (Go) Jun 10, 2024
Contract balance not updating correctly after interchain transaction High
CVE-2024-37153 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Vvaradinov EvmosDAO
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC High
CVE-2024-36129 was published for go.opentelemetry.io/collector/config/configgrpc (Go) Jun 5, 2024
jpkrohling arminru
mx-psi stamparm
Vulnerabilities with the k8sGPT High
GHSA-85rg-8m6h-825p was published for github.com/k8sgpt-ai/k8sgpt (Go) Jun 13, 2024
atul86244
Ollama DNS rebinding vulnerability High
CVE-2024-28224 was published for github.com/ollama/ollama (Go) Apr 8, 2024
Incorrect TLS certificate auth method in Vault High
CVE-2024-2048 was published for github.com/hashicorp/vault (Go) Mar 4, 2024
oscerd
Withdrawn: Runc allows an arbitrary systemd property to be injected High
GHSA-c5pj-mqfh-rvc3 was published for github.com/opencontainers/runc (Go) Apr 26, 2024 withdrawn
AkihiroSuda
Constallation has pods exposed to peers in VPC High
GHSA-g8fc-vrcg-8vjg was published for github.com/edgelesssys/constellation/v2 (Go) Apr 15, 2024
brb
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
github.com/ulikunitz/xz fixes readUvarint Denial of Service (DoS) High
CVE-2021-29482 was published for github.com/ulikunitz/xz (Go) May 25, 2021
0xdecaf
Helm uses crypto package vulnerable to panic from malformed X.509 certificate High
CVE-2020-7919 was published for github.com/helm/helm (Go) Jun 23, 2021
Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures High
GHSA-gq5r-cc4w-g8xf was published for github.com/russellhaering/gosaml2 (Go) Jun 23, 2021 withdrawn
tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database