Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

21 advisories

Loading
Permissions bypass in KubeVirt Moderate
CVE-2020-1701 was published for kubevirt.io/kubevirt (Go) Jun 1, 2021
Cache Manipulation Attack in Apache Traffic Control Moderate
CVE-2020-17522 was published for github.com/apache/trafficcontrol (Go) Jun 18, 2021
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul Moderate
CVE-2020-12797 was published for github.com/hashicorp/consul (Go) Jun 23, 2021
Archive package allows chmod of file outside of unpack target directory Moderate
CVE-2021-32760 was published for github.com/containerd/containerd (Go) Jul 26, 2021
tdunlap607 Credited to tdunlap607
Beego has a file creation race condition Moderate
CVE-2019-16354 was published for github.com/astaxie/beego (Go) Aug 2, 2021
Incorrect Permission Assignment for Critical Resource in CRI-O Moderate
CVE-2022-0532 was published for github.com/cri-o/cri-o (Go) Feb 11, 2022
Kubernetes Unsafe Cacheing Moderate
CVE-2019-11244 was published for k8s.io/client-go (Go) Feb 15, 2022
cnlh nps vulnerable to file overwrite by local user Moderate
CVE-2019-15119 was published for ehang.io/nps (Go) May 24, 2022
Mattermost Server has mishandled webhook access control Moderate
CVE-2017-18870 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server allows users with a session ID to revoke another users' session Moderate
CVE-2017-18878 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server allows attackers to log sensitive information via DEBUG REST API logging endpoint Moderate
CVE-2017-18896 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Gitea allowed assignment of private issues Moderate
CVE-2022-38183 was published for code.gitea.io/gitea (Go) Aug 13, 2022
Bytebase does not restrict low privilege user to access admin issues Moderate
CVE-2022-32169 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
CubeFS allows Kubernetes cluster-level privilege escalation Moderate
CVE-2023-30512 was published for github.com/cubefs/cubefs (Go) Apr 12, 2023
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory Moderate
CVE-2021-41091 was published for github.com/docker/docker (Go) Jan 31, 2024
joanbm Credited to joanbm, AlonZa, and neersighted AlonZa AlonZa
neersighted neersighted
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities Moderate
CVE-2022-24769 was published for github.com/docker/docker (Go) Apr 22, 2024
AndrewGMorgan Credited to AndrewGMorgan
snapd failed to restrict writes to the $HOME/bin path Moderate
CVE-2024-1724 was published for github.com/snapcore/snapd (Go) Jul 25, 2024
Kata Container to Guest micro VM privilege escalation Moderate
CVE-2026-24834 was published for github.com/kata-containers/kata-containers/src/runtime (Go) Feb 19, 2026
kostya-oai Credited to kostya-oai, sprt, fidencio, and stevenhorsman sprt sprt
fidencio fidencio stevenhorsman stevenhorsman
SiYuan's renderSprig has a missing admin check that allows any user to read full workspace DB Moderate
CVE-2026-32704 was published for github.com/siyuan-note/siyuan/kernel (Go) Mar 13, 2026
fg0x0 Credited to fg0x0
Mattermost doesn't set permissions on downloaded bulk export Moderate
CVE-2026-3113 was published for github.com/mattermost/mattermost-server (Go) Mar 26, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database