GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
92
GitHub Actions
54
Go
4,217
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,103
Rust
1,443
Swift
61
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
opentelemetry-collector-contrib sentryexporter: Path traversal in Sentry exporter via attacker-controlled service.name reaches privileged Sentry API endpoints with operator bearer token
Moderate
CVE-2026-47256
was published
for
github.com/open-telemetry/opentelemetry-collector-contrib/exporter/sentryexporter
(Go)
Jun 18, 2026
PicoClaw has an Injection issue in its Web Launcher Management Plane component
Moderate
CVE-2026-6987
was published
for
github.com/sipeed/picoclaw
(Go)
Apr 25, 2026
Traefik has Knative Ingress Rule Injection that Allows Host Restriction Bypass
Moderate
CVE-2026-32695
was published
for
github.com/traefik/traefik/v2
(Go)
Mar 27, 2026
Traefik: kubernetes gateway rule injection via unescaped backticks in HTTPRoute match values
Moderate
CVE-2026-29777
was published
for
github.com/traefik/traefik
(Go)
Mar 11, 2026
Caddy's vars_regexp double-expands user input, leaking env vars and files
Moderate
CVE-2026-30852
was published
for
github.com/caddyserver/caddy/v2/modules/caddyhttp
(Go)
Mar 6, 2026
Character injection in Hubble CLI
Moderate
CVE-2025-48056
was published
for
github.com/cilium/hubble
(Go)
May 21, 2025
Woodpecker's custom environment variables allow to alter execution flow of plugins
Moderate
CVE-2024-41122
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
ewen-lbh/ffcss Late-Unicode normalization vulnerability
Moderate
CVE-2023-52081
was published
for
github.com/ewen-lbh/ffcss
(Go)
Dec 28, 2023
Kiali content spoofing vulnerability
Moderate
CVE-2022-3962
was published
for
github.com/kiali/kiali
(Go)
Sep 23, 2023
1Panel vulnerable to command injection when adding container repositories
Moderate
CVE-2023-36457
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 5, 2023
Abstrium Pydio Cells Resource Injection vulnerability
Moderate
CVE-2023-2980
was published
for
github.com/pydio/cells/v4
(Go)
May 30, 2023
Denial of service (DoS) when processing Git credentials
Moderate
CVE-2022-43756
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
Command injection in gh-ost
Moderate
CVE-2022-21687
was published
for
github.com/github/gh-ost
(Go)
Feb 1, 2022
CRLF vulnerability in Fiber
Moderate
CVE-2020-15111
was published
for
github.com/gofiber/fiber
(Go)
Jun 29, 2021
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Moderate
CVE-2021-21303
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
ProTip!
Advisories are also available from the
GraphQL API