Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

819 advisories

Loading
Hashicorp Boundary vulnerable to clickjacking Moderate
CVE-2022-36182 was published for github.com/hashicorp/boundary (Go) Oct 27, 2022
Woodpecker allows cross-site scripting (XSS) via build logs Moderate
CVE-2022-29947 was published for github.com/woodpecker-ci/woodpecker (Go) Apr 30, 2022
Alist Cross-site Scripting vulnerability Moderate
CVE-2022-45970 was published for github.com/alist-org/alist/v3 (Go) Dec 12, 2022
efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts Moderate
CVE-2022-46174 was published for github.com/kubernetes-sigs/aws-efs-csi-driver (Go) Dec 30, 2022
Path Traversal in github.com/go-sonic/sonic Moderate
CVE-2022-46959 was published for github.com/go-sonic/sonic (Go) Jan 23, 2023
SFTPGo WebClient vulnerable to Cross-site Scripting Moderate
CVE-2022-39220 was published for github.com/drakkan/sftpgo (Go) Sep 20, 2022
Privilege escalation for users with create/update permissions in Global Roles in Rancher Moderate
CVE-2021-36784 was published for github.com/rancher/rancher (Go) May 2, 2022
Memos Cross-site Scripting vulnerability Moderate
CVE-2022-4609 was published for github.com/usememos/memos (Go) Dec 19, 2022
Privilege Escalation in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19023 was published for github.com/goharbor/harbor (Go) May 18, 2021
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19025 was published for github.com/goharbor/harbor (Go) May 18, 2021
Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers Moderate
CVE-2020-2023 was published for github.com/kata-containers/agent (Go) Feb 15, 2022
SQL Injection in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19029 was published for github.com/goharbor/harbor (Go) May 18, 2021
Access Control Bypass Moderate
CVE-2018-20321 was published for github.com/rancher/rancher (Go) Jun 23, 2021
SQL Injection in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19026 was published for github.com/goharbor/harbor (Go) May 18, 2021
Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer Moderate
CVE-2020-26277 was published for github.com/datacharmer/dbdeployer (Go) Feb 12, 2022
smowton
containerd v1.2.x can be coerced into leaking credentials during image pull Moderate
CVE-2020-15157 was published for github.com/containerd/containerd (Go) Feb 11, 2022
bgeesaman joshlarsen
IanColdwater mauilion raesene
Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2 Moderate
CVE-2021-23347 was published for github.com/argoproj/argo-cd/v2 (Go) May 21, 2021
Redirect URL matching ignores character casing Moderate
CVE-2020-15234 was published for github.com/ory/fosite (Go) May 24, 2021
mitar
Path traversal in Grafana Cortex Moderate
CVE-2021-36157 was published for github.com/cortexproject/cortex (Go) Sep 2, 2021
Cache Manipulation Attack in Apache Traffic Control Moderate
CVE-2020-17522 was published for github.com/apache/trafficcontrol (Go) Jun 18, 2021
Improper input validation in CNCF Cortex Moderate
CVE-2021-31232 was published for github.com/cortexproject/cortex (Go) Jun 23, 2021
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses Moderate
CVE-2020-15233 was published for github.com/ory/fosite (Go) May 24, 2021
mitar aeneasr
Workflow re-write vulnerability using input parameter Moderate
CVE-2021-37914 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 9, 2021
Arbitrary redirects under /new endpoint Moderate
CVE-2021-29622 was published for github.com/prometheus/prometheus (Go) Feb 15, 2022
dodek
Path traversal in Grafana Loki Moderate
CVE-2021-36156 was published for github.com/grafana/loki (Go) Sep 2, 2021
simonswine
ProTip! Advisories are also available from the GraphQL API