Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

Filter advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
86
GitHub Actions
54
Go
4,175
Maven
5,000+
npm
5,000+
NuGet
1,019
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,421
Swift
61
Unreviewed advisories
All unreviewed
5,000+

459 advisories

Loading
EnvoyProxy Envoy Missing HTTP URL path normalization Critical
CVE-2019-9901 was published for github.com/envoyproxy/envoy (Go) May 24, 2022
go-unzip vulnerable to Path Traversal Critical
CVE-2020-36560 was published for github.com/artdarek/go-unzip (Go) Dec 28, 2022
Path Traversal in Beego Critical
CVE-2022-31836 was published for github.com/beego/beego (Go) Jul 6, 2022
Access control bypass in beego Critical
CVE-2022-31259 was published for github.com/beego/beego (Go) May 22, 2022
Labstack Echo Open Redirect vulnerability Critical
CVE-2022-40083 was published for github.com/labstack/echo/v4 (Go) Sep 29, 2022
Skipper vulnerable to SSRF via X-Skipper-Proxy Critical
CVE-2022-38580 was published for github.com/zalando/skipper (Go) Oct 25, 2022
tdunlap607 Credited to tdunlap607
Unzip vulnerable to path traversal Critical
CVE-2020-36561 was published for github.com/yi-ge/unzip (Go) Dec 28, 2022
tar-utils Path Traversal vulnerability Critical
CVE-2020-36566 was published for github.com/whyrusleeping/tar-utils (Go) Dec 28, 2022
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli Critical
GHSA-h24c-6p6p-m3vx was published for github.com/bnb-chain/tss-lib (Go) Sep 1, 2023
Gitea Remote Code Execution (RCE) Critical
CVE-2018-18926 was published for code.gitea.io/gitea (Go) Feb 15, 2022
Reuse of one time passwords allowed in Gitea Critical
CVE-2021-45331 was published for code.gitea.io/gitea (Go) Feb 10, 2022
Kubernetes Privilege Escalation Critical
CVE-2017-1000056 was published for k8s.io/kubernetes (Go) May 12, 2021
SQL Injection in Couchbase Sync Gateway Critical
CVE-2019-9039 was published for github.com/couchbase/sync_gateway (Go) Feb 15, 2022
andrewpollock Credited to andrewpollock
Improper Authentication in Apache Traffic Control Critical
CVE-2019-12405 was published for github.com/apache/trafficcontrol (Go) May 18, 2021
Hashicorp Nomad Access Control Issues Critical
CVE-2019-12618 was published for github.com/hashicorp/nomad (Go) May 24, 2022
Helm Unsafe Link Following Critical
CVE-2019-18658 was published for helm.sh/helm (Go) May 24, 2022
Grafana Authentication Bypass Critical
CVE-2018-15727 was published for github.com/grafana/grafana (Go) Feb 15, 2022
Critical security issues in XML encoding in github.com/dexidp/dex Critical
CVE-2020-26290 was published for github.com/dexidp/dex (Go) Dec 20, 2021
jupenur Credited to jupenur, ericchiang, justaugustus, and sagikazarmark ericchiang ericchiang
justaugustus justaugustus sagikazarmark sagikazarmark
Improper Input Validation in HashiCorp Vault Critical
CVE-2020-12757 was published for github.com/hashicorp/vault-plugin-secrets-gcp (Go) May 18, 2021
Improper Authentication in InfluxDB Critical
CVE-2019-20933 was published for github.com/influxdata/influxdb (Go) May 18, 2021
Use After Free in HashiCorp Nomad Critical
CVE-2020-27195 was published for github.com/hashicorp/nomad (Go) Feb 15, 2022
DevSpace vulnerable to remote code execution Critical
CVE-2020-15391 was published for github.com/loft-sh/devspace (Go) May 24, 2022
Pomerium vulnerable to Incorrect Authorization with specially crafted requests Critical
CVE-2023-33189 was published for github.com/pomerium/pomerium (Go) May 26, 2023
nonsleepr Credited to nonsleepr
Argo CD cluster secret might leak in cluster details page Critical
CVE-2023-40029 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 11, 2023
alexmt Credited to alexmt
sing-box vulnerable to improper authentication in the SOCKS inbound Critical
CVE-2023-43644 was published for github.com/sagernet/sing (Go) Sep 26, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database