Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

686 advisories

Loading
Improper Authentication in Kubernetes High
CVE-2020-8558 was published for k8s.io/kubernetes (Go) Feb 15, 2022
halfcrazy
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server High
CVE-2021-21403 was published for github.com/kongchuanhujiao/server (Go) Feb 15, 2022
qianjunakasumi
Cryptographic Issues in ECK High
CVE-2020-7010 was published for github.com/elastic/cloud-on-k8s (Go) Feb 15, 2022
Arbitrary File Write in Libcontainer High
CVE-2015-3629 was published for github.com/docker/docker (Go) Feb 15, 2022
Denial of Service in Bytom High
CVE-2018-18206 was published for github.com/bytom/bytom (Go) Feb 15, 2022
Denial of Service in Packetbeat High
CVE-2017-11480 was published for github.com/elastic/beats (Go) Feb 15, 2022
Arbitrary Code Execution in Docker High
CVE-2014-6407 was published for github.com/docker/docker (Go) Feb 15, 2022
Privilege Escalation in Docker High
CVE-2014-3499 was published for github.com/docker/docker (Go) Feb 15, 2022
Denial of Service in Gitea High
CVE-2020-13246 was published for github.com/go-gitea/gitea (Go) Feb 15, 2022
Zip slip directory exploit in github.com/deislabs/oras High
CVE-2021-21272 was published for github.com/deislabs/oras (Go) Feb 15, 2022
smowton
Git LFS can execute a Git binary from the current directory on Windows High
CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go) Feb 15, 2022
Ry0taK
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
SAML authentication vulnerability due to stdlib XML parsing High
CVE-2020-26276 was published for github.com/fleetdm/fleet/v4 (Go) Feb 11, 2022
Nil dereference in NATS JWT, DoS of nats-server High
CVE-2020-26521 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
TPM 1.2 key authorization values vulnerable to TPM transport eavesdropper in go-tpm High
CVE-2020-8918 was published for github.com/google/go-tpm (Go) Feb 11, 2022
chrisfenner
Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers High
CVE-2020-14359 was published for github.com/keycloak/keycloak-gatekeeper (Go) Feb 9, 2022
Cross Site Request Forgery in Gitea High
CVE-2021-45326 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Incorrect Authorization in NATS nats-server High
CVE-2022-24450 was published for github.com/nats-io/nats-server/v2 (Go) Feb 8, 2022
Churro andrewpollock
Path traversal and dereference of symlinks in Argo CD High
CVE-2022-24348 was published for github.com/argoproj/argo-cd (Go) Feb 7, 2022
Server-Side Request Forgery in Apache Traffic Control High
CVE-2022-23206 was published for github.com/apache/trafficcontrol (Go) Feb 7, 2022
Cross-Site Request Forgery in Filebrowser High
CVE-2021-46398 was published for github.com/filebrowser/filebrowser/v2 (Go) Feb 5, 2022
SQL Injection in Casdoor High
CVE-2022-24124 was published for github.com/casdoor/casdoor (Go) Feb 1, 2022
NULL Pointer Dereference in Protocol Buffers High
CVE-2021-22570 was published for Google.Protobuf (Composer) Jan 27, 2022
joshbressers
Lookup operations do not take into account wildcards in SpiceDB High
CVE-2022-21646 was published for github.com/authzed/spicedb (Go) Jan 13, 2022
vroldanbet
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints High
GHSA-m7vp-hqwv-7m5x was published for github.com/spiffe/spire (Go) Jan 12, 2022
ProTip! Advisories are also available from the GraphQL API