GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,909 advisories
Filter by severity
Predictable SIF UUID Identifiers in github.com/sylabs/sif
High
CVE-2021-29499
was published
for
github.com/sylabs/sif
(Go)
May 18, 2021
Hard coded cryptographic key in Kiali
High
CVE-2020-1764
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2020-7669
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor
High
CVE-2019-19025
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
SQL Injection in Cloud Native Computing Foundation Harbor
Moderate
CVE-2019-19026
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
SQL Injection in Cloud Native Computing Foundation Harbor
High
CVE-2019-19029
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
Privilege Escalation in Cloud Native Computing Foundation Harbor
Moderate
CVE-2019-19023
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
Infinite Loop in jsonparser
High
CVE-2020-10675
was published
for
github.com/buger/jsonparser
(Go)
May 18, 2021
Improper Authentication in InfluxDB
Critical
CVE-2019-20933
was published
for
github.com/influxdata/influxdb
(Go)
May 18, 2021
Allocation of Resources Without Limits or Throttling in Hashicorp Consul
High
CVE-2020-13250
was published
for
github.com/hashicorp/consul
(Go)
May 18, 2021
Improper Input Validation in HashiCorp Consul
Moderate
CVE-2020-13170
was published
for
github.com/hashicorp/consul
(Go)
May 18, 2021
Information Disclosure in HashiCorp Vault
High
CVE-2020-13223
was published
for
github.com/hashicorp/vault
(Go)
May 18, 2021
Improper Input Validation in HashiCorp Vault
Critical
CVE-2020-12757
was published
for
github.com/hashicorp/vault-plugin-secrets-gcp
(Go)
May 18, 2021
Improper Certificate Validation in HashiCorp Nomad
High
CVE-2020-7956
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Allocation of Resources Without Limits or Throttling in HashiCorp Nomad
High
CVE-2020-7218
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Denial of Service (DoS) in HashiCorp Consul
High
CVE-2020-7219
was published
for
github.com/hashicorp/consul
(Go)
May 18, 2021
Use of a Broken or Risky Cryptographic Algorithm in Terraform
High
CVE-2019-19316
was published
for
github.com/hashicorp/terraform
(Go)
May 18, 2021
Integer Overflow or Wraparound in NATS Server
High
CVE-2019-13126
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 18, 2021
Insecure Permissions in Gogs
Critical
CVE-2019-14544
was published
for
gogs.io/gogs
(Go)
May 18, 2021
Improper Input Validation in libseccomp-golang
High
CVE-2017-18367
was published
for
github.com/seccomp/libseccomp-golang
(Go)
May 18, 2021
Rancher Vulnerable to Cross-site Request Forgery (CSRF)
High
CVE-2019-13209
was published
for
github.com/rancher/rancher
(Go)
May 18, 2021
Improper Authentication in Apache Traffic Control
Critical
CVE-2019-12405
was published
for
github.com/apache/trafficcontrol
(Go)
May 18, 2021
Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information
Moderate
CVE-2019-17110
was published
for
github.com/kubernetes/kube-state-metrics
(Go)
May 18, 2021
•
withdrawn
XML Entity Expansion and Improper Input Validation in Kubernetes API server
High
CVE-2019-11253
was published
for
k8s.io/kubernetes
(Go)
May 18, 2021
Out-of-bounds read in Apache Thrift
High
CVE-2019-0210
was published
for
github.com/apache/thrift
(Go)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API