Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,748 advisories

Loading
Panic when parsing invalid palette-color images in golang.org/x/image Moderate
CVE-2024-24792 was published for golang.org/x/image (Go) Jun 26, 2024
HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation High
CVE-2024-6257 was published for github.com/hashicorp/go-getter (Go) Jun 25, 2024
go-retryablehttp can leak basic auth credentials to log files Moderate
CVE-2024-6104 was published for github.com/hashicorp/go-retryablehttp (Go) Jun 24, 2024
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service Moderate
CVE-2024-38359 was published for github.com/lightningnetwork/lnd (Go) Jun 20, 2024
morehouse
SpiceDB exclusions can result in no permission returned when permission expected Low
CVE-2024-38361 was published for github.com/authzed/spicedb (Go) Jun 20, 2024
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability Moderate
GHSA-rvj4-q8q5-8grf was published for github.com/traefik/traefik/v2 (Go) Jun 20, 2024
SFTPGo has insufficient access control for password reset Moderate
CVE-2024-37897 was published for github.com/drakkan/sftpgo/v2 (Go) Jun 20, 2024
t7tran
LocalAI path traversal vulnerability High
CVE-2024-5182 was published for github.com/go-skynet/LocalAI (Go) Jun 20, 2024
PocketBase performs password auth and OAuth2 unverified email linking Moderate
CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) Jun 18, 2024
dalurness
Minder affected by denial of service from maliciously configured Git repository Moderate
CVE-2024-37904 was published for github.com/stacklok/minder (Go) Jun 18, 2024
AdamKorcz DavidKorczynski
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec Moderate
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Rancher's External RoleTemplates can lead to privilege escalation Moderate
CVE-2023-32196 was published for github.com/rancher/rancher (Go) Jun 17, 2024
rke's credentials are stored in the RKE1 Cluster state ConfigMap Critical
CVE-2023-32191 was published for github.com/rancher/rke (Go) Jun 17, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
AdGuardHome privilege escalation vulnerability High
CVE-2024-36586 was published for github.com/AdguardTeam/AdGuardHome (Go) Jun 13, 2024
Vulnerabilities with the k8sGPT High
GHSA-85rg-8m6h-825p was published for github.com/k8sgpt-ai/k8sgpt (Go) Jun 13, 2024
atul86244
Cilium leaks sensitive information in cilium-bugtool High
CVE-2024-37307 was published for github.com/cilium/cilium (Go) Jun 13, 2024
sayboras
gqlparser denial of service vulnerability via the parserDirectives function Moderate
CVE-2023-49559 was published for github.com/vektah/gqlparser (Go) Jun 12, 2024
HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims Low
CVE-2024-5798 was published for github.com/hashicorp/vault (Go) Jun 12, 2024
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses Moderate
GHSA-7jmw-8259-q9jx was published for github.com/traefik/traefik (Go) Jun 11, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing Moderate
GHSA-xmmx-7jpf-fx42 was published for github.com/docker/docker (Go) Jun 10, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
`docker cp` allows unexpected chmod of host files in Moby Docker Engine Low
CVE-2021-41089 was published for github.com/docker/docker (Go) Jun 10, 2024
LevanaXr ssst0n3
go-grpc-compression has a zstd decompression bombing vulnerability High
GHSA-87m9-rv8p-rgmg was published for github.com/mostynb/go-grpc-compression (Go) Jun 10, 2024
ProTip! Advisories are also available from the GraphQL API