Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

819 advisories

Loading
Cross-site Scripting in github.com/schollz/rwtxt Moderate
CVE-2021-20848 was published for github.com/schollz/rwtxt (Go) Nov 29, 2021
tdunlap607
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC Moderate
CVE-2021-43784 was published for github.com/opencontainers/runc (Go) Dec 7, 2021
felixwilhelm
Instance config inline secret exposure in Grafana Moderate
CVE-2021-41090 was published for github.com/grafana/agent (Go) Dec 8, 2021
Observable Discrepancy in Argo Moderate
CVE-2020-11576 was published for github.com/argoproj/argo-cd (Go) Dec 9, 2021
Excessive Platform Resource Consumption within a Loop in Kubernetes Moderate
CVE-2019-11254 was published for github.com/go-yaml/yaml (Go) Dec 20, 2021
Denial of Service in OpenShift Origin Moderate
CVE-2015-5250 was published for github.com/openshift/origin (Go) Dec 20, 2021
Open Redirect in OAuth2 Proxy Moderate
CVE-2020-4037 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect Moderate
CVE-2020-5233 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
Open Redirect in oauth2_proxy Moderate
CVE-2017-1000070 was published for github.com/bitly/oauth2_proxy (Go) Dec 20, 2021
Open redirect vulnerability in Sourcegraph Moderate
CVE-2020-12283 was published for github.com/sourcegraph/sourcegraph (Go) Dec 20, 2021
Denial of Service in TenderMint Moderate
CVE-2020-15091 was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
ebuchman melekes
Signature verification failure in Tendermint Moderate
GHSA-f3w5-v9xx-rp8p was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
milosevic josef-widder
Information Exposure in RunC Moderate
CVE-2016-9962 was published for github.com/opencontainers/runc (Go) Dec 20, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman Moderate
CVE-2021-4024 was published for github.com/containers/podman/v3 (Go) Jan 6, 2022
Subdomain Takeover in Interactsh server Moderate
CVE-2023-36474 was published for github.com/projectdiscovery/interactsh (Go) Jan 27, 2022
Denial of Service in graphql-go Moderate
CVE-2022-21708 was published for github.com/graph-gophers/graphql-go (Go) Jan 27, 2022
jupenur
SQL injection in github.com/navidrome/navidrome Moderate
CVE-2022-23857 was published for github.com/navidrome/navidrome (Go) Jan 27, 2022
Go-Attestation Improper Input Validation with attacker-controlled TPM Quote Moderate
CVE-2022-0317 was published for github.com/google/go-attestation (Go) Feb 1, 2022
vonhollen
Command injection in gh-ost Moderate
CVE-2022-21687 was published for github.com/github/gh-ost (Go) Feb 1, 2022
dwisiswant0
Limited ability to spoof SAML authentication with missing audience verification in Fleet Moderate
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
iangcarroll
Unverified Ownership in Kubernetes Moderate
CVE-2020-8554 was published for k8s.io/kubernetes (Go) Feb 8, 2022
Open redirect in Gitea Moderate
CVE-2021-45328 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Gitea displaying raw OpenID error in UI Moderate
CVE-2021-45325 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Incorrect Calculation in github.com/open-policy-agent/opa Moderate
CVE-2022-23628 was published for github.com/open-policy-agent/opa (Go) Feb 9, 2022
johanneslarsson
User object created with invalid provider data in GoTrue Moderate
GHSA-wpfr-6297-9v57 was published for github.com/netlify/gotrue (Go) Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API