GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
178 advisories
Filter by severity
usememos/memos Authorization Bypass Through User-Controlled Key vulnerability
Critical
CVE-2022-4686
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Tarslip in go-unarr
Critical
CVE-2021-38197
was published
for
github.com/gen2brain/go-unarr
(Go)
Sep 1, 2021
Capture-replay in Gitea
Critical
CVE-2021-45327
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Etcd-io Improper Authentication vulnerability
Critical
CVE-2021-28235
was published
for
go.etcd.io/etcd/v3
(Go)
Apr 4, 2023
Answer contains Improper Access Control vulnerability
Critical
CVE-2023-0744
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Ansible Semaphore mishandles authentication
Critical
CVE-2023-28609
was published
for
github.com/ansible-semaphore/semaphore
(Go)
Mar 18, 2023
Answer vulnerable to Authentication Bypass by Capture-replay
Critical
CVE-2023-1537
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
Full authentication bypass if SASL authorization username is specified
Critical
CVE-2023-27582
was published
for
github.com/foxcpp/maddy
(Go)
Mar 14, 2023
Gogs OS Command Injection vulnerability
Critical
CVE-2022-2024
was published
for
gogs.io/gogs
(Go)
Feb 28, 2023
Signature forgery in Biscuit
Critical
CVE-2022-31053
was published
for
biscuit-auth
(Go)
Jun 17, 2022
Authorization Bypass Through User-Controlled Key in go-restful
Critical
CVE-2022-1996
was published
for
github.com/emicklei/go-restful
(Go)
Jun 9, 2022
Privilege escalation in MOSN
Critical
CVE-2021-32163
was published
for
mosn.io/mosn
(Go)
Feb 17, 2023
Answer subject to Cross-site Scripting vulnerability
Critical
CVE-2023-0743
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Answer has Cross-site Scripting vulnerability
Critical
CVE-2023-0741
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Users with any cluster secret update access may update out-of-bounds cluster secrets
Critical
CVE-2023-23947
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 16, 2023
Elliptic Curve Key Disclosure in go-jose
Critical
CVE-2016-9121
was published
for
github.com/square/go-jose
(Go)
Jun 23, 2021
Authentication Bypass in github.com/russellhaering/gosaml2
Critical
CVE-2020-29509
was published
for
github.com/russellhaering/gosaml2
(Go)
Feb 11, 2022
Cross-site scripting vulnerability found in answerdev/answer
Critical
CVE-2023-0740
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Answer contains Cross-site Scripting vulnerability
Critical
CVE-2023-0742
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
Caddy vulnerable to Authentication Bypass due to mishandling of TLS client authentication
Critical
CVE-2018-21246
was published
for
github.com/caddyserver/caddy
(Go)
Oct 6, 2022
XML Processing error in github.com/crewjam/saml
Critical
CVE-2020-27846
was published
for
github.com/crewjam/saml
(Go)
Jun 23, 2021
Cloud Foundry Archiver vulnerable to path traversal
Critical
CVE-2018-25046
was published
for
code.cloudfoundry.org/archiver
(Go)
Dec 28, 2022
Improper Authenication in Pion DTLS
Critical
CVE-2019-20786
was published
for
github.com/pion/dtls
(Go)
Jun 29, 2021
ProTip!
Advisories are also available from the
GraphQL API