GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
188 advisories
Filter by severity
Cross-site scripting on application summary component
Critical
CVE-2024-28175
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
Pterodactyl Wings vulnerable to improper isolation of server file access
Critical
CVE-2024-27102
was published
for
github.com/pterodactyl/wings
(Go)
Mar 15, 2024
Authorization Bypass Through User-Controlled Key in go-zero
Critical
CVE-2024-27302
was published
for
github.com/zeromicro/go-zero
(Go)
Mar 4, 2024
Transparent TLS may not be applied to Marbles with certain manifest configurations
Critical
GHSA-x5r5-2qrx-rqj8
was published
for
github.com/edgelesssys/marblerun
(Go)
Feb 27, 2024
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Critical
CVE-2024-25124
was published
for
github.com/gofiber/fiber/v2
(Go)
Feb 22, 2024
BuildKit vulnerable to possible host system access from mount stub cleaner
Critical
CVE-2024-23652
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
Buildkit's interactive containers API does not validate entitlements check
Critical
CVE-2024-23653
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
HashiCorp Vault Improper Privilege Management
Critical
CVE-2020-10661
was published
for
github.com/hashicorp/vault/vault
(Go)
Jan 30, 2024
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Critical
CVE-2024-23827
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 29, 2024
Django Template Engine Vulnerable to XSS
Critical
CVE-2024-22199
was published
for
github.com/gofiber/template/django/v3
(Go)
Jan 11, 2024
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Critical
CVE-2023-49569
was published
for
github.com/go-git/go-git/v4
(Go)
Jan 10, 2024
Withdrawn Advisory: Teleport Access List owners can escalate their privileges
Critical
GHSA-76cc-p55w-63g3
was published
for
github.com/gravitational/teleport
(Go)
Jan 3, 2024
•
withdrawn
Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users
Critical
GHSA-hw4x-mcx5-9q36
was published
for
github.com/gravitational/teleport
(Go)
Jan 3, 2024
•
withdrawn
Improper Privilege Management in github.com/sap/cloud-security-client-go
Critical
GHSA-m8rw-rcpq-2vp2
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 13, 2023
Privilege escalation in sap/cloud-security-client-go
Critical
CVE-2023-50424
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
Capsule Proxy Authentication bypass using an empty token
Critical
CVE-2023-48312
was published
for
github.com/clastix/capsule-proxy
(Go)
Nov 24, 2023
SQL injection vulnerability in Meshery
Critical
CVE-2023-46575
was published
for
github.com/layer5io/meshery
(Go)
Nov 24, 2023
Plonk verifier KZG multi point verification
Critical
GHSA-7p92-x423-vwj6
was published
for
github.com/consensys/gnark
(Go)
Oct 17, 2023
CSRF Token Reuse Vulnerability
Critical
CVE-2023-45128
was published
for
github.com/gofiber/fiber/v2
(Go)
Oct 17, 2023
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Critical
CVE-2023-32188
was published
for
github.com/neuvector/neuvector
(Go)
Oct 6, 2023
Consensys gnark-crypto allows Signature Malleability
Critical
CVE-2023-44273
was published
for
github.com/Consensys/gnark-crypto
(Go)
Sep 28, 2023
sing-box vulnerable to improper authentication in the SOCKS inbound
Critical
CVE-2023-43644
was published
for
github.com/sagernet/sing
(Go)
Sep 26, 2023
NATS nats-server allows directory traversal via unintended path to a management action
Critical
CVE-2022-28357
was published
for
github.com/nats-io/nats-server
(Go)
Sep 19, 2023
Argo CD cluster secret might leak in cluster details page
Critical
CVE-2023-40029
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Sep 11, 2023
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Critical
GHSA-h24c-6p6p-m3vx
was published
for
github.com/bnb-chain/tss-lib
(Go)
Sep 1, 2023
ProTip!
Advisories are also available from the
GraphQL API