Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,752 advisories

Loading
HashiCorp Consul Template could reveal Vault secret contents in error messages High
CVE-2022-38149 was published for github.com/hashicorp/consul-template (Go) Aug 18, 2022
Blst vulnerable to incorrect results for some inputs in blst_fp_eucl_inverse function Moderate
GHSA-x279-68rr-jp4p was published for github.com/supranational/blst (Go) Oct 7, 2022
guidovranken
Helm passes repository credentials to alternate domain Moderate
CVE-2021-32690 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
golang.org/x/net/http vulnerable to a reset flood High
CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022
golang.org/x/net/http vulnerable to ping floods High
CVE-2019-9512 was published for golang.org/x/net (Go) May 24, 2022
Command Injection Vulnerability with Mercurial in VCS Critical
CVE-2022-21235 was published for github.com/Masterminds/vcs (Go) Apr 1, 2022
dellalibera
Policies not properly enforced in bluemonday Moderate
CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) Oct 19, 2021
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected Critical
CVE-2021-4238 was published for github.com/Masterminds/goutils (Go) Dec 28, 2022
Denial of service in Open Policy Agent High
CVE-2022-33082 was published for github.com/open-policy-agent/opa (Go) Jul 1, 2022
srenatus kurt-r2c
golang.org/x/sys/unix has Incorrect privilege reporting in syscall Moderate
CVE-2022-29526 was published for golang.org/x/sys (Go) Jun 24, 2022
HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion High
CVE-2022-30323 was published for github.com/hashicorp/go-getter (Go) May 26, 2022
HashiCorp go-getter unsafe downloads could lead to arbitrary host access High
CVE-2022-30322 was published for github.com/hashicorp/go-getter (Go) May 26, 2022
Duplicate Advisory: Helm passes repository credentials to alternate domain Moderate
GHSA-7jr6-prv4-5wf5 was published for helm.sh/helm/v3 (Go) Jun 23, 2021 withdrawn
Collision of hash values in github.com/bnb-chain/tss-lib Critical
CVE-2022-47931 was published for github.com/bnb-chain/tss-lib (Go) Dec 23, 2022
gopkg.in/yaml.v3 Denial of Service High
CVE-2022-28948 was published for gopkg.in/yaml.v3 (Go) May 20, 2022
fourdim thediveo
Cross-Site Request Forgery in Filebrowser High
CVE-2021-46398 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 5, 2022
Go JOSE Signature Validation Bypass High
CVE-2016-9122 was published for gopkg.in/square/go-jose.v1 (Go) May 18, 2021
Cross-site scripting in bluemonday Moderate
CVE-2021-29272 was published for github.com/microcosm-cc/bluemonday (Go) May 18, 2021
Incorrect handling of credential expiry by /nats-io/nats-server Critical
CVE-2020-26892 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be Low
GHSA-xg2h-wx96-xgxr was published for github.com/Masterminds/goutils (Go) May 21, 2021
neild
CBC padding oracle issue in AWS S3 Crypto SDK for golang Moderate
CVE-2020-8911 was published for github.com/aws/aws-sdk-go (Go) Feb 11, 2022
sophieschmieg
In-band key negotiation issue in AWS S3 Crypto SDK for golang Low
CVE-2020-8912 was published for github.com/aws/aws-sdk-go (Go) Feb 11, 2022
sophieschmieg
golang.org/x/net/html Improper Validation of Array Index vulnerability High
CVE-2018-17848 was published for golang.org/x/net (Go) May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer High
CVE-2018-17847 was published for golang.org/x/net (Go) May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer High
CVE-2018-17143 was published for golang.org/x/net (Go) May 13, 2022
ProTip! Advisories are also available from the GraphQL API