GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
819 advisories
Filter by severity
Cross-site Scripting in github.com/schollz/rwtxt
Moderate
CVE-2021-20848
was published
for
github.com/schollz/rwtxt
(Go)
Nov 29, 2021
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC
Moderate
CVE-2021-43784
was published
for
github.com/opencontainers/runc
(Go)
Dec 7, 2021
Instance config inline secret exposure in Grafana
Moderate
CVE-2021-41090
was published
for
github.com/grafana/agent
(Go)
Dec 8, 2021
Observable Discrepancy in Argo
Moderate
CVE-2020-11576
was published
for
github.com/argoproj/argo-cd
(Go)
Dec 9, 2021
Excessive Platform Resource Consumption within a Loop in Kubernetes
Moderate
CVE-2019-11254
was published
for
github.com/go-yaml/yaml
(Go)
Dec 20, 2021
Denial of Service in OpenShift Origin
Moderate
CVE-2015-5250
was published
for
github.com/openshift/origin
(Go)
Dec 20, 2021
Open Redirect in OAuth2 Proxy
Moderate
CVE-2020-4037
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Moderate
CVE-2020-5233
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
Open Redirect in oauth2_proxy
Moderate
CVE-2017-1000070
was published
for
github.com/bitly/oauth2_proxy
(Go)
Dec 20, 2021
Open redirect vulnerability in Sourcegraph
Moderate
CVE-2020-12283
was published
for
github.com/sourcegraph/sourcegraph
(Go)
Dec 20, 2021
Denial of Service in TenderMint
Moderate
CVE-2020-15091
was published
for
github.com/tendermint/tendermint
(Go)
Dec 20, 2021
Signature verification failure in Tendermint
Moderate
GHSA-f3w5-v9xx-rp8p
was published
for
github.com/tendermint/tendermint
(Go)
Dec 20, 2021
Information Exposure in RunC
Moderate
CVE-2016-9962
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Moderate
CVE-2021-4024
was published
for
github.com/containers/podman/v3
(Go)
Jan 6, 2022
Subdomain Takeover in Interactsh server
Moderate
CVE-2023-36474
was published
for
github.com/projectdiscovery/interactsh
(Go)
Jan 27, 2022
Denial of Service in graphql-go
Moderate
CVE-2022-21708
was published
for
github.com/graph-gophers/graphql-go
(Go)
Jan 27, 2022
SQL injection in github.com/navidrome/navidrome
Moderate
CVE-2022-23857
was published
for
github.com/navidrome/navidrome
(Go)
Jan 27, 2022
Go-Attestation Improper Input Validation with attacker-controlled TPM Quote
Moderate
CVE-2022-0317
was published
for
github.com/google/go-attestation
(Go)
Feb 1, 2022
Command injection in gh-ost
Moderate
CVE-2022-21687
was published
for
github.com/github/gh-ost
(Go)
Feb 1, 2022
Limited ability to spoof SAML authentication with missing audience verification in Fleet
Moderate
CVE-2022-23600
was published
for
github.com/fleetdm/fleet/v4
(Go)
Feb 7, 2022
Unverified Ownership in Kubernetes
Moderate
CVE-2020-8554
was published
for
k8s.io/kubernetes
(Go)
Feb 8, 2022
Open redirect in Gitea
Moderate
CVE-2021-45328
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Gitea displaying raw OpenID error in UI
Moderate
CVE-2021-45325
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Incorrect Calculation in github.com/open-policy-agent/opa
Moderate
CVE-2022-23628
was published
for
github.com/open-policy-agent/opa
(Go)
Feb 9, 2022
User object created with invalid provider data in GoTrue
Moderate
GHSA-wpfr-6297-9v57
was published
for
github.com/netlify/gotrue
(Go)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API