Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

64 advisories

Loading
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
Improper Input Validation in libseccomp-golang High
CVE-2017-18367 was published for github.com/seccomp/libseccomp-golang (Go) May 18, 2021
Improper Access Control in Lightning Network Daemon High
CVE-2019-12999 was published for github.com/lightningnetwork/lnd (Go) May 18, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network Moderate
GHSA-6rg3-8h8x-5xfv was published for github.com/pterodactyl/wings (Go) Jun 23, 2021
usememos/memos vulnerable to improper access control Moderate
CVE-2022-4685 was published for github.com/usememos/memos (Go) Dec 23, 2022
Path traversal allows leaking out-of-bound files from Argo CD repo-server Moderate
CVE-2022-24731 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server High
CVE-2022-24730 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt jessesuen
GitOps Run allows for Kubernetes workload injection High
CVE-2022-23508 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
pjbgf
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server Moderate
CVE-2021-22565 was published for github.com/google/exposure-notifications-verification-server (Go) Nov 10, 2021
sethvargo
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure High
CVE-2022-2995 was published for github.com/cri-o/cri-o (Go) Sep 20, 2022
usememos/memos Improper Access Control vulnerability High
CVE-2022-4684 was published for github.com/usememos/memos (Go) Dec 23, 2022
usememos/memos vulnerable to account takeover due to improper access control High
CVE-2022-4689 was published for github.com/usememos/memos (Go) Dec 23, 2022
usememos/memos Improper Access Control vulnerability Moderate
CVE-2022-4810 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Access Control vulnerability Moderate
CVE-2022-4806 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Access Control vulnerability Moderate
CVE-2022-4814 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Access Control vulnerability High
CVE-2022-4809 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Access Control vulnerability Moderate
CVE-2022-4807 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Access Control vulnerability High
CVE-2022-4803 was published for github.com/usememos/memos (Go) Dec 28, 2022
Limited ability to spoof SAML authentication with missing audience verification in Fleet Moderate
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
iangcarroll
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster High
CVE-2022-21953 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Privilege escalation in project role template binding (PRTB) and -promoted roles High
CVE-2022-43759 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Answer contains Improper Access Control vulnerability Critical
CVE-2023-0744 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Improper Access Control in github.com/treeverse/lakefs Moderate
GHSA-m836-gxwq-j2pm was published for github.com/treeverse/lakefs (Go) Oct 28, 2021
eden-ohana tdunlap607
Grafana has Broken Access Control in Alert manager: Viewer can send test alerts Moderate
CVE-2023-2183 was published for github.com/grafana/grafana (Go) Jun 12, 2023
sebob
Argo CD improper access control bug can allow malicious user to escalate privileges to admin level High
CVE-2022-1025 was published for github.com/argoproj/argo-cd (Go) Jul 13, 2022
ProTip! Advisories are also available from the GraphQL API