GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
819 advisories
Etcd Gateway TLS endpoint validation only confirms TCP reachability
Moderate: GHSA-j86v-2vjr-fg8f was published for go.etcd.io/etcd (Go), Feb 3, 2024

Classic builder cache poisoning
Moderate: CVE-2024-24557 was published for github.com/docker/docker (Go), Feb 1, 2024

Hashicorp Vault may expose sensitive log information
Moderate: CVE-2024-0831 was published for github.com/hashicorp/vault (Go), Feb 1, 2024

Grafana Cross Site Request Forgery (CSRF)
Moderate: CVE-2022-21703 was published for github.com/grafana/grafana/pkg/web (Go), Feb 1, 2024

Moby (Docker Engine) Insufficiently restricted permissions on data directory
Moderate: CVE-2021-41091 was published for github.com/docker/docker (Go), Jan 31, 2024

Grafana Cross-site Scripting (XSS)
Moderate: CVE-2018-12099 was published for github.com/grafana/grafana (Go), Jan 31, 2024

containerd environment variable leak
Moderate: CVE-2021-21334 was published for github.com/containerd/containerd (Go), Jan 31, 2024

moby docker daemon crash during image pull of malicious image
Moderate: CVE-2021-21285 was published for github.com/moby/moby (Go), Jan 31, 2024

moby Access to remapped root allows privilege escalation to real root
Moderate: CVE-2021-21284 was published for github.com/moby/moby (Go), Jan 31, 2024

Path Traversal in Moby builder
Moderate: CVE-2020-27534 was published for github.com/docker/docker (Go), Jan 31, 2024

Enumeration of users in HashiCorp Vault
Moderate: CVE-2020-35177 was published for github.com/hashicorp/vault (Go), Jan 31, 2024

Privilege Escalation in HashiCorp Consul
Moderate: CVE-2020-28053 was published for github.com/hashicorp/consul (Go), Jan 31, 2024

Grafana Arbitrary File Read
Moderate: CVE-2019-19499 was published for github.com/grafana/grafana/pkg/tsdb/mysql (Go), Jan 31, 2024

BuildKit vulnerable to possible panic when incorrect parameters sent from frontend
Moderate: CVE-2024-23650 was published for github.com/moby/buildkit (Go), Jan 31, 2024

stereoscope vulnerable to tar path traversal when processing OCI tar archives
Moderate: CVE-2024-24579 was published for github.com/anchore/stereoscope (Go), Jan 31, 2024

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability
Moderate: CVE-2023-44312 was published for github.com/apache/servicecomb-service-center (Go), Jan 31, 2024

Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
Moderate: CVE-2020-15136 was published for go.etcd.io/etcd (Go), Jan 31, 2024

Improper Preservation of Permissions in etcd
Moderate: CVE-2020-15113 was published for github.com/etcd-io/etcd (Go), Jan 30, 2024

Grafana XSS via adding a link in General feature
Moderate: CVE-2018-18625 was published for github.com/grafana/grafana (Go), Jan 30, 2024

Grafana XSS in Dashboard Text Panel
Moderate: CVE-2018-18623 was published for github.com/grafana/grafana (Go), Jan 30, 2024

HashiCorp Vault Improper Privilege Management
Moderate: CVE-2020-10660 was published for github.com/hashicorp/vault/vault (Go), Jan 30, 2024

`goreleaser release --debug` shows secrets
Moderate: CVE-2024-23840 was published for github.com/goreleaser/goreleaser (Go), Jan 30, 2024

Authentik vulnerable to PKCE downgrade attack
Moderate: CVE-2024-23647 was published for goauthentik.io (Go), Jan 29, 2024

OpenFGA denial of service
Moderate: CVE-2024-23820 was published for github.com/openfga/openfga (Go), Jan 26, 2024

Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised registry
Moderate: CVE-2024-23332 was published for github.com/notaryproject/notation (Go), Jan 19, 2024
ProTip! Advisories are also available from the GraphQL API