GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3 advisories

PolicyController before 0.2.1 may bypass attestation verification (High severity)
CVE-2022-35930 was published for github.com/sigstore/policy-controller (Go) Aug 10, 2022
Credited to mattmoor
Improper Certificate Validation in Cosign (Low severity)
CVE-2022-23649 was published for github.com/sigstore/cosign (Go) Feb 22, 2022
Credited to znewman01, dlorenc, mattmoor, priyawadhwa, mtrmac, and nsmith5
Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials (High severity)
CVE-2024-28110 was published for github.com/cloudevents/sdk-go/v2 (Go) Mar 6, 2024
Credited to mattmoor, tcnghia, and sunnypatell