GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
819 advisories
Hashicorp Boundary vulnerable to clickjacking
Moderate: CVE-2022-36182 was published for github.com/hashicorp/boundary (Go) on Oct 27, 2022

Woodpecker allows cross-site scripting (XSS) via build logs
Moderate: CVE-2022-29947 was published for github.com/woodpecker-ci/woodpecker (Go) on Apr 30, 2022

Alist Cross-site Scripting vulnerability
Moderate: CVE-2022-45970 was published for github.com/alist-org/alist/v3 (Go) on Dec 12, 2022

efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts
Moderate: CVE-2022-46174 was published for github.com/kubernetes-sigs/aws-efs-csi-driver (Go) on Dec 30, 2022

Path Traversal in github.com/go-sonic/sonic
Moderate: CVE-2022-46959 was published for github.com/go-sonic/sonic (Go) on Jan 23, 2023

SFTPGo WebClient vulnerable to Cross-site Scripting
Moderate: CVE-2022-39220 was published for github.com/drakkan/sftpgo (Go) on Sep 20, 2022

Privilege escalation for users with create/update permissions in Global Roles in Rancher
Moderate: CVE-2021-36784 was published for github.com/rancher/rancher (Go) on May 2, 2022

Memos Cross-site Scripting vulnerability
Moderate: CVE-2022-4609 was published for github.com/usememos/memos (Go) on Dec 19, 2022

Privilege Escalation in Cloud Native Computing Foundation Harbor
Moderate: CVE-2019-19023 was published for github.com/goharbor/harbor (Go) on May 18, 2021

Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor
Moderate: CVE-2019-19025 was published for github.com/goharbor/harbor (Go) on May 18, 2021

Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers
Moderate: CVE-2020-2023 was published for github.com/kata-containers/agent (Go) on Feb 15, 2022

SQL Injection in Cloud Native Computing Foundation Harbor
Moderate: CVE-2019-19029 was published for github.com/goharbor/harbor (Go) on May 18, 2021

Access Control Bypass
Moderate: CVE-2018-20321 was published for github.com/rancher/rancher (Go) on Jun 23, 2021

SQL Injection in Cloud Native Computing Foundation Harbor
Moderate: CVE-2019-19026 was published for github.com/goharbor/harbor (Go) on May 18, 2021

Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer
Moderate: CVE-2020-26277 was published for github.com/datacharmer/dbdeployer (Go) on Feb 12, 2022

containerd v1.2.x can be coerced into leaking credentials during image pull
Moderate: CVE-2020-15157 was published for github.com/containerd/containerd (Go) on Feb 11, 2022

Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2
Moderate: CVE-2021-23347 was published for github.com/argoproj/argo-cd/v2 (Go) on May 21, 2021

Redirect URL matching ignores character casing
Moderate: CVE-2020-15234 was published for github.com/ory/fosite (Go) on May 24, 2021

Path traversal in Grafana Cortex
Moderate: CVE-2021-36157 was published for github.com/cortexproject/cortex (Go) on Sep 2, 2021

Cache Manipulation Attack in Apache Traffic Control
Moderate: CVE-2020-17522 was published for github.com/apache/trafficcontrol (Go) on Jun 18, 2021

Improper input validation in CNCF Cortex
Moderate: CVE-2021-31232 was published for github.com/cortexproject/cortex (Go) on Jun 23, 2021

OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses
Moderate: CVE-2020-15233 was published for github.com/ory/fosite (Go) on May 24, 2021

Workflow re-write vulnerability using input parameter
Moderate: CVE-2021-37914 was published for github.com/argoproj/argo-workflows/v3 (Go) on Aug 9, 2021

Arbitrary redirects under /new endpoint
Moderate: CVE-2021-29622 was published for github.com/prometheus/prometheus (Go) on Feb 15, 2022

Path traversal in Grafana Loki
Moderate: CVE-2021-36156 was published for github.com/grafana/loki (Go) on Sep 2, 2021

ProTip! Advisories are also available from the GraphQL API.