GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
686 advisories
Filter by severity
Privilege escalation in beego
High
CVE-2021-27116
was published
for
github.com/beego/beego
(Go)
Apr 6, 2022
Unrestricted Upload of File with Dangerous Type in Gogs
High
CVE-2022-0415
was published
for
gogs.io/gogs
(Go)
Mar 28, 2022
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High
CVE-2022-24730
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Denial of service in go-ethereum
High
CVE-2021-42219
was published
for
github.com/ethereum/go-ethereum
(Go)
Mar 18, 2022
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
Istio Fragments in Path May Lead to Authorization Policy Bypass
High
CVE-2021-39156
was published
for
istio.io/istio
(Go)
Aug 30, 2021
Code Injection in CRI-O
High
CVE-2022-0811
was published
for
github.com/cri-o/cri-o
(Go)
Mar 15, 2022
Controller reconciles apps outside configured namespaces when sharding is enabled
High
CVE-2023-22736
was published
for
github.com/argoproj/argo-cd
(Go)
Jan 25, 2023
Rancher generated tokens not revoked after modifications made to authentication provider
High
GHSA-c45c-39f6-6gw9
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Bloom Uncontrolled Search Path Element vulnerability
High
CVE-2023-0247
was published
for
github.com/bits-and-blooms/bloom
(Go)
Jan 12, 2023
"Verify All" Returns Success Despite Validation Failures in Singularity
High
CVE-2020-13846
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Execution Control List (ECL) Is Insecure in Singularity
High
CVE-2020-13845
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Path traversal in u-root
High
CVE-2020-7665
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM
High
GHSA-34vw-m4rh-r36p
was published
for
github.com/talos-systems/talos
(Go)
Sep 16, 2022
Daemon panics when processing certain blocks
High
GHSA-mcq2-w56r-5w2w
was published
for
github.com/ipld/go-ipfs
(Go)
Apr 8, 2022
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints
High
GHSA-m7vp-hqwv-7m5x
was published
for
github.com/spiffe/spire
(Go)
Jan 12, 2022
Improper Certificate Validation in HashiCorp Nomad
High
CVE-2020-7956
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Improper Authorization in github.com/containers/libpod
High
CVE-2021-20188
was published
for
github.com/containers/libpod
(Go)
May 18, 2021
Lookup function information discolosure in helm
High
CVE-2020-11013
was published
for
helm.sh/helm/v3
(Go)
May 27, 2021
S3 storage write is not aborted on errors leading to unbounded memory usage
High
GHSA-m6m5-pp4g-fcc8
was published
for
github.com/foxcpp/maddy
(Go)
Oct 6, 2021
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
High
GHSA-qvp4-rpmr-xwrr
was published
for
github.com/ory/oathkeeper
(Go)
Jun 23, 2021
Exposure of server configuration in github.com/go-vela/server
High
CVE-2020-26294
was published
for
github.com/go-vela/compiler
(Go)
Feb 15, 2022
Denial of Service in Gitea
High
CVE-2020-13246
was published
for
github.com/go-gitea/gitea
(Go)
Feb 15, 2022
Path traversal in github.com/ipfs/go-ipfs
High
CVE-2020-26279
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
ProTip!
Advisories are also available from the
GraphQL API