GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
686 advisories
Filter by severity
Improper Authentication in Kubernetes
High
CVE-2020-8558
was published
for
k8s.io/kubernetes
(Go)
Feb 15, 2022
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server
High
CVE-2021-21403
was published
for
github.com/kongchuanhujiao/server
(Go)
Feb 15, 2022
Cryptographic Issues in ECK
High
CVE-2020-7010
was published
for
github.com/elastic/cloud-on-k8s
(Go)
Feb 15, 2022
Arbitrary File Write in Libcontainer
High
CVE-2015-3629
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Denial of Service in Bytom
High
CVE-2018-18206
was published
for
github.com/bytom/bytom
(Go)
Feb 15, 2022
Denial of Service in Packetbeat
High
CVE-2017-11480
was published
for
github.com/elastic/beats
(Go)
Feb 15, 2022
Arbitrary Code Execution in Docker
High
CVE-2014-6407
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Privilege Escalation in Docker
High
CVE-2014-3499
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Denial of Service in Gitea
High
CVE-2020-13246
was published
for
github.com/go-gitea/gitea
(Go)
Feb 15, 2022
Zip slip directory exploit in github.com/deislabs/oras
High
CVE-2021-21272
was published
for
github.com/deislabs/oras
(Go)
Feb 15, 2022
Git LFS can execute a Git binary from the current directory on Windows
High
CVE-2021-21237
was published
for
github.com/git-lfs/git-lfs
(Go)
Feb 15, 2022
Exposure of server configuration in github.com/go-vela/server
High
CVE-2020-26294
was published
for
github.com/go-vela/compiler
(Go)
Feb 15, 2022
SAML authentication vulnerability due to stdlib XML parsing
High
CVE-2020-26276
was published
for
github.com/fleetdm/fleet/v4
(Go)
Feb 11, 2022
Nil dereference in NATS JWT, DoS of nats-server
High
CVE-2020-26521
was published
for
github.com/nats-io/jwt
(Go)
Feb 11, 2022
TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm
High
CVE-2020-8918
was published
for
github.com/google/go-tpm
(Go)
Feb 11, 2022
Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers
High
CVE-2020-14359
was published
for
github.com/keycloak/keycloak-gatekeeper
(Go)
Feb 9, 2022
Cross Site Request Forgery in Gitea
High
CVE-2021-45326
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Incorrect Authorization in NATS nats-server
High
CVE-2022-24450
was published
for
github.com/nats-io/nats-server/v2
(Go)
Feb 8, 2022
Path traversal and dereference of symlinks in Argo CD
High
CVE-2022-24348
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 7, 2022
Server-Side Request Forgery in Apache Traffic Control
High
CVE-2022-23206
was published
for
github.com/apache/trafficcontrol
(Go)
Feb 7, 2022
Cross-Site Request Forgery in Filebrowser
High
CVE-2021-46398
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Feb 5, 2022
SQL Injection in Casdoor
High
CVE-2022-24124
was published
for
github.com/casdoor/casdoor
(Go)
Feb 1, 2022
NULL Pointer Dereference in Protocol Buffers
High
CVE-2021-22570
was published
for
Google.Protobuf
(Composer)
Jan 27, 2022
Lookup operations do not take into account wildcards in SpiceDB
High
CVE-2022-21646
was published
for
github.com/authzed/spicedb
(Go)
Jan 13, 2022
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints
High
GHSA-m7vp-hqwv-7m5x
was published
for
github.com/spiffe/spire
(Go)
Jan 12, 2022
ProTip!
Advisories are also available from the
GraphQL API