GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub-originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
634 advisories
Privilege Elevation in runc (High, CVE-2016-3697) was published for github.com/opencontainers/runc (Go) on Dec 20, 2021.
Execution Control List (ECL) Is Insecure in Singularity (High, CVE-2020-13845) was published for github.com/sylabs/singularity (Go) on Dec 20, 2021.
"Verify All" Returns Success Despite Validation Failures in Singularity (High, CVE-2020-13846) was published for github.com/sylabs/singularity (Go) on Dec 20, 2021.
Incorrect Permission Assignment for Critical Resource in Singularity (High, CVE-2019-11328) was published for github.com/sylabs/singularity (Go) on Dec 20, 2021.
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity (High, CVE-2020-25039) was published for github.com/sylabs/singularity (Go) on Dec 20, 2021.
golang.org/x/net/http2 allows uncontrolled memory consumption (High, CVE-2021-44716) was published for golang.org/x/net/http2 (Go) on Jan 2, 2022.
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux (High, CVE-2021-43816) was published for github.com/containerd/containerd (Go) on Jan 6, 2022.
Drainage of FeeCollector's Block Transaction Fees in cronos (High, CVE-2021-43839) was published for github.com/crypto-org-chain/cronos (Go) on Jan 6, 2022.
Link Following in Iris (High, CVE-2021-23772) was published for github.com/kataras/iris (Go) on Jan 6, 2022.
Use of a Broken or Risky Cryptographic Algorithm in Max Mazurov Maddy (High, CVE-2021-42583) was published for github.com/foxcpp/maddy (Go) on Jan 6, 2022.
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints (High, GHSA-m7vp-hqwv-7m5x) was published for github.com/spiffe/spire (Go) on Jan 12, 2022.
Lookup operations do not take into account wildcards in SpiceDB (High, CVE-2022-21646) was published for github.com/authzed/spicedb (Go) on Jan 13, 2022.
NULL Pointer Dereference in Protocol Buffers (High, CVE-2021-22570) was published for Google.Protobuf (Composer) on Jan 27, 2022.
SQL Injection in Casdoor (High, CVE-2022-24124) was published for github.com/casdoor/casdoor (Go) on Feb 1, 2022.
Cross-Site Request Forgery in Filebrowser (High, CVE-2021-46398) was published for github.com/filebrowser/filebrowser/v2 (Go) on Feb 5, 2022.
Server-Side Request Forgery in Apache Traffic Control (High, CVE-2022-23206) was published for github.com/apache/trafficcontrol (Go) on Feb 7, 2022.
Path traversal and dereference of symlinks in Argo CD (High, CVE-2022-24348) was published for github.com/argoproj/argo-cd (Go) on Feb 7, 2022.
Incorrect Authorization in NATS nats-server (High, CVE-2022-24450) was published for github.com/nats-io/nats-server/v2 (Go) on Feb 8, 2022.
Cross-Site Request Forgery in Gitea (High, CVE-2021-45326) was published for github.com/go-gitea/gitea (Go) on Feb 9, 2022.
Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers (High, CVE-2020-14359) was published for github.com/keycloak/keycloak-gatekeeper (Go) on Feb 9, 2022.
TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm (High, CVE-2020-8918) was published for github.com/google/go-tpm (Go) on Feb 11, 2022.
Nil dereference in NATS JWT, DoS of nats-server (High, CVE-2020-26521) was published for github.com/nats-io/jwt (Go) on Feb 11, 2022.
SAML authentication vulnerability due to stdlib XML parsing (High, CVE-2020-26276) was published for github.com/fleetdm/fleet/v4 (Go) on Feb 11, 2022.
Exposure of server configuration in github.com/go-vela/server (High, CVE-2020-26294) was published for github.com/go-vela/compiler (Go) on Feb 15, 2022.
Git LFS can execute a Git binary from the current directory on Windows (High, CVE-2021-21237) was published for github.com/git-lfs/git-lfs (Go) on Feb 15, 2022.