Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

882 advisories

Loading
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC Moderate
CVE-2021-43784 was published for github.com/opencontainers/runc (Go) Dec 7, 2021
felixwilhelm
Instance config inline secret exposure in Grafana Moderate
CVE-2021-41090 was published for github.com/grafana/agent (Go) Dec 8, 2021
Observable Discrepancy in Argo Moderate
CVE-2020-11576 was published for github.com/argoproj/argo-cd (Go) Dec 9, 2021
Excessive Platform Resource Consumption within a Loop in Kubernetes Moderate
CVE-2019-11254 was published for github.com/go-yaml/yaml (Go) Dec 20, 2021
Denial of Service in OpenShift Origin Moderate
CVE-2015-5250 was published for github.com/openshift/origin (Go) Dec 20, 2021
Open Redirect in OAuth2 Proxy Moderate
CVE-2020-4037 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect Moderate
CVE-2020-5233 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
Open Redirect in oauth2_proxy Moderate
CVE-2017-1000070 was published for github.com/bitly/oauth2_proxy (Go) Dec 20, 2021
Open redirect vulnerability in Sourcegraph Moderate
CVE-2020-12283 was published for github.com/sourcegraph/sourcegraph (Go) Dec 20, 2021
Denial of Service in TenderMint Moderate
CVE-2020-15091 was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
ebuchman melekes
Signature verification failure in Tendermint Moderate
GHSA-f3w5-v9xx-rp8p was published for github.com/tendermint/tendermint (Go) Dec 20, 2021
milosevic josef-widder
Information Exposure in RunC Moderate
CVE-2016-9962 was published for github.com/opencontainers/runc (Go) Dec 20, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman Moderate
CVE-2021-4024 was published for github.com/containers/podman/v3 (Go) Jan 6, 2022
Subdomain Takeover in Interactsh server Moderate
CVE-2023-36474 was published for github.com/projectdiscovery/interactsh (Go) Jan 27, 2022
Denial of Service in graphql-go Moderate
CVE-2022-21708 was published for github.com/graph-gophers/graphql-go (Go) Jan 27, 2022
jupenur
SQL injection in github.com/navidrome/navidrome Moderate
CVE-2022-23857 was published for github.com/navidrome/navidrome (Go) Jan 27, 2022
Go-Attestation Improper Input Validation with attacker-controlled TPM Quote Moderate
CVE-2022-0317 was published for github.com/google/go-attestation (Go) Feb 1, 2022
vonhollen
Command injection in gh-ost Moderate
CVE-2022-21687 was published for github.com/github/gh-ost (Go) Feb 1, 2022
dwisiswant0
Limited ability to spoof SAML authentication with missing audience verification in Fleet Moderate
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
iangcarroll
Unverified Ownership in Kubernetes Moderate
CVE-2020-8554 was published for k8s.io/kubernetes (Go) Feb 8, 2022
Open redirect in Gitea Moderate
CVE-2021-45328 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Gitea displaying raw OpenID error in UI Moderate
CVE-2021-45325 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
Incorrect Calculation in github.com/open-policy-agent/opa Moderate
CVE-2022-23628 was published for github.com/open-policy-agent/opa (Go) Feb 9, 2022
johanneslarsson
User object created with invalid provider data in GoTrue Moderate
GHSA-wpfr-6297-9v57 was published for github.com/netlify/gotrue (Go) Feb 9, 2022
Cross-site Scripting in Gitea Moderate
CVE-2021-45329 was published for github.com/go-gitea/gitea (Go) Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API