GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
818 advisories
Filter by severity
CometBFT is unstability during blocksync when syncing from malicious peer
Moderate
GHSA-hg58-rf2h-6rr7
was published
for
github.com/cometbft/cometbft
(Go)
Jun 28, 2024
Panic when parsing invalid palette-color images in golang.org/x/image
Moderate
CVE-2024-24792
was published
for
golang.org/x/image
(Go)
Jun 26, 2024
CoreDNS may return invalid cache entries
Moderate
CVE-2024-0874
was published
for
github.com/coredns/coredns
(Go)
Apr 25, 2024
go-retryablehttp can leak basic auth credentials to log files
Moderate
CVE-2024-6104
was published
for
github.com/hashicorp/go-retryablehttp
(Go)
Jun 24, 2024
Elastic Beats inserts sensitive information into log file
Moderate
CVE-2023-49922
was published
for
github.com/elastic/beats
(Go)
Dec 12, 2023
Rancher's External RoleTemplates can lead to privilege escalation
Moderate
CVE-2023-32196
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
HTTP/2 Stream Cancellation Attack
Moderate
CVE-2023-44487
was published
for
com.typesafe.akka:akka-http-core
(Go)
Oct 10, 2023
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Moderate
CVE-2024-38359
was published
for
github.com/lightningnetwork/lnd
(Go)
Jun 20, 2024
SFTPGo has insufficient access control for password reset
Moderate
CVE-2024-37897
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jun 20, 2024
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability
Moderate
GHSA-rvj4-q8q5-8grf
was published
for
github.com/traefik/traefik/v2
(Go)
Jun 20, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Moderate
CVE-2024-35255
was published
for
@azure/identity
(Go)
Jun 11, 2024
PocketBase performs password auth and OAuth2 unverified email linking
Moderate
CVE-2024-38351
was published
for
github.com/pocketbase/pocketbase
(Go)
Jun 18, 2024
Minder affected by denial of service from maliciously configured Git repository
Moderate
CVE-2024-37904
was published
for
github.com/stacklok/minder
(Go)
Jun 18, 2024
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
Moderate
CVE-2024-22032
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
Moderate
GHSA-7jmw-8259-q9jx
was published
for
github.com/traefik/traefik
(Go)
Jun 11, 2024
Unauthenticated Access to sensitive settings in Argo CD
Moderate
CVE-2024-37152
was published
for
github.com/argoproj/argo-cd/v2/server
(Go)
Jun 6, 2024
Evmos allows unvested token delegations
Moderate
CVE-2024-37154
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
Ollama does not validate the format of the digest (sha256 with 64 hex digits)
Moderate
CVE-2024-37032
was published
for
github.com/ollama/ollama
(Go)
May 31, 2024
Open Redirect URL in Harbor
Moderate
CVE-2024-22244
was published
for
github.com/goharbor/harbor
(Go)
Jun 2, 2024
gqlparser denial of service vulnerability via the parserDirectives function
Moderate
CVE-2023-49559
was published
for
github.com/vektah/gqlparser
(Go)
Jun 12, 2024
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Moderate
CVE-2024-28180
was published
for
github.com/go-jose/go-jose/v3
(Go)
Mar 7, 2024
Calico privilege escalation vulnerability
Moderate
CVE-2024-33522
was published
for
github.com/projectcalico/calico
(Go)
Apr 30, 2024
azure-file-csi-driver leaks service account tokens in the logs
Moderate
CVE-2024-3744
was published
for
sigs.k8s.io/azurefile-csi-driver
(Go)
May 15, 2024
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Moderate
CVE-2024-34068
was published
for
github.com/pterodactyl/wings
(Go)
May 3, 2024
Evmos vulnerable to unauthorized account creation with vesting module
Moderate
GHSA-m99c-q26r-m7m7
was published
for
github.com/evmos/evmos/v13
(Go)
Apr 17, 2024
ProTip!
Advisories are also available from the
GraphQL API