GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,830 advisories
Filter by severity
Improper Authorization in github.com/containers/libpod
High
CVE-2021-20188
was published
for
github.com/containers/libpod
(Go)
May 18, 2021
Improper Certificate Validation in HashiCorp Nomad
High
CVE-2020-7956
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Symlink Attack in Libcontainer and Docker Engine
Moderate
CVE-2015-3627
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Improper input validation in umoci
Moderate
CVE-2021-29136
was published
for
github.com/opencontainers/umoci
(Go)
Feb 15, 2022
Local directory executable lookup in sops (Windows-only)
Low
GHSA-x5c7-x7m2-rhmf
was published
for
go.mozilla.org/sops/v3
(Go)
May 20, 2021
"catalog's registry v2 api exposed on unauthenticated path in Harbor"
Moderate
CVE-2020-29662
was published
for
github.com/goharbor/harbor
(Go)
Feb 12, 2022
Network policy may be bypassed by some ICMP Echo Requests
Low
GHSA-c66w-hq56-4q97
was published
for
github.com/cilium/cilium
(Go)
May 21, 2021
Helm OCI credentials leaked into Argo CD logs
Moderate
GHSA-6w87-g839-9wv7
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2021
Auth bypass in SAML provider
Critical
GHSA-433w-mm6h-rv9p
was published
for
github.com/netlify/gotrue
(Go)
Jun 23, 2021
Open Redirect in OAuth2 Proxy
Moderate
CVE-2020-4037
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
GitLab auth uses full name instead of username as user ID, allowing impersonation
Critical
CVE-2020-5415
was published
for
github.com/concourse/concourse
(Go)
Dec 20, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network
Moderate
GHSA-6rg3-8h8x-5xfv
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
Clarify `mediaType` handling
Low
GHSA-77vh-xpmg-72qh
was published
for
github.com/opencontainers/image-spec
(Go)
Nov 18, 2021
Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme
Critical
GHSA-gp6j-vx54-5pmf
was published
for
github.com/keep-network/keep-ecdsa
(Go)
Jan 6, 2022
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints
High
GHSA-m7vp-hqwv-7m5x
was published
for
github.com/spiffe/spire
(Go)
Jan 12, 2022
User object created with invalid provider data in GoTrue
Moderate
GHSA-wpfr-6297-9v57
was published
for
github.com/netlify/gotrue
(Go)
Feb 9, 2022
Multiple security issues in Pomerium's embedded envoy
Moderate
GHSA-j34v-3552-5r7j
was published
for
github.com/pomerium/pomerium
(Go)
Mar 1, 2022
Possible filesystem space exhaustion by local users
Moderate
GHSA-chxf-fjcf-7fwp
was published
for
github.com/google/fscrypt
(Go)
Mar 1, 2022
Improper random number generation in github.com/coredns/coredns
Moderate
GHSA-gv9j-4w24-q7vx
was published
for
github.com/coredns/coredns
(Go)
Mar 1, 2022
Possible privilege escalation via bash completion script
Moderate
GHSA-w4f8-fxq2-j35v
was published
for
github.com/google/fscrypt
(Go)
Mar 1, 2022
Denial of service via insufficient metadata validation
Moderate
GHSA-p93v-m2r2-4387
was published
for
github.com/google/fscrypt
(Go)
Mar 1, 2022
SSRF in repository migration
Moderate
GHSA-q347-cg56-pcq4
was published
for
gogs.io/gogs
(Go)
Mar 14, 2022
Sysctls applied to containers with host IPC or host network namespaces can affect the host
Moderate
GHSA-w2j5-3rcx-vx7x
was published
for
github.com/cri-o/cri-o
(Go)
Mar 15, 2022
Opened exploitable ports in default docker-compose.yaml in go-ipfs
Moderate
GHSA-fx5p-f64h-93xc
was published
for
github.com/ipfs/go-ipfs
(Go)
Apr 4, 2022
Daemon panics when processing certain blocks
High
GHSA-mcq2-w56r-5w2w
was published
for
github.com/ipld/go-ipfs
(Go)
Apr 8, 2022
ProTip!
Advisories are also available from the
GraphQL API