GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,752 advisories
Filter by severity
HashiCorp Consul Template could reveal Vault secret contents in error messages
High
CVE-2022-38149
was published
for
github.com/hashicorp/consul-template
(Go)
Aug 18, 2022
Blst vulnerable to incorrect results for some inputs in blst_fp_eucl_inverse function
Moderate
GHSA-x279-68rr-jp4p
was published
for
github.com/supranational/blst
(Go)
Oct 7, 2022
Helm passes repository credentials to alternate domain
Moderate
CVE-2021-32690
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
golang.org/x/net/http vulnerable to a reset flood
High
CVE-2019-9514
was published
for
golang.org/x/net
(Go)
May 24, 2022
golang.org/x/net/http vulnerable to ping floods
High
CVE-2019-9512
was published
for
golang.org/x/net
(Go)
May 24, 2022
Command Injection Vulnerability with Mercurial in VCS
Critical
CVE-2022-21235
was published
for
github.com/Masterminds/vcs
(Go)
Apr 1, 2022
Policies not properly enforced in bluemonday
Moderate
CVE-2021-42576
was published
for
github.com/microcosm-cc/bluemonday
(Go)
Oct 19, 2021
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Critical
CVE-2021-4238
was published
for
github.com/Masterminds/goutils
(Go)
Dec 28, 2022
Denial of service in Open Policy Agent
High
CVE-2022-33082
was published
for
github.com/open-policy-agent/opa
(Go)
Jul 1, 2022
golang.org/x/sys/unix has Incorrect privilege reporting in syscall
Moderate
CVE-2022-29526
was published
for
golang.org/x/sys
(Go)
Jun 24, 2022
HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion
High
CVE-2022-30323
was published
for
github.com/hashicorp/go-getter
(Go)
May 26, 2022
HashiCorp go-getter unsafe downloads could lead to arbitrary host access
High
CVE-2022-30322
was published
for
github.com/hashicorp/go-getter
(Go)
May 26, 2022
Duplicate Advisory: Helm passes repository credentials to alternate domain
Moderate
GHSA-7jr6-prv4-5wf5
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
•
withdrawn
Collision of hash values in github.com/bnb-chain/tss-lib
Critical
CVE-2022-47931
was published
for
github.com/bnb-chain/tss-lib
(Go)
Dec 23, 2022
gopkg.in/yaml.v3 Denial of Service
High
CVE-2022-28948
was published
for
gopkg.in/yaml.v3
(Go)
May 20, 2022
Cross-Site Request Forgery in Filebrowser
High
CVE-2021-46398
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Feb 5, 2022
Go JOSE Signature Validation Bypass
High
CVE-2016-9122
was published
for
gopkg.in/square/go-jose.v1
(Go)
May 18, 2021
Cross-site scripting in bluemonday
Moderate
CVE-2021-29272
was published
for
github.com/microcosm-cc/bluemonday
(Go)
May 18, 2021
Incorrect handling of credential expiry by /nats-io/nats-server
Critical
CVE-2020-26892
was published
for
github.com/nats-io/jwt
(Go)
Feb 11, 2022
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
Low
GHSA-xg2h-wx96-xgxr
was published
for
github.com/Masterminds/goutils
(Go)
May 21, 2021
CBC padding oracle issue in AWS S3 Crypto SDK for golang
Moderate
CVE-2020-8911
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
In-band key negotiation issue in AWS S3 Crypto SDK for golang
Low
CVE-2020-8912
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
golang.org/x/net/html Improper Validation of Array Index vulnerability
High
CVE-2018-17848
was published
for
golang.org/x/net
(Go)
May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
High
CVE-2018-17847
was published
for
golang.org/x/net
(Go)
May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
High
CVE-2018-17143
was published
for
golang.org/x/net
(Go)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API