GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
188 advisories
Filter by severity
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
Vela Insecure Defaults
Critical
CVE-2022-39395
was published
for
github.com/go-vela/server
(Go)
Nov 9, 2022
btcd mishandles witness size checking
Critical
CVE-2022-44797
was published
for
github.com/btcsuite/btcd
(Go)
Nov 7, 2022
TiDB vulnerable to Use of Externally-Controlled Format String
Critical
CVE-2022-3023
was published
for
github.com/pingcap/tidb
(Go)
Nov 4, 2022
Gin-vue-admin subject to Remote Code Execution via file upload vulnerability
Critical
CVE-2022-39345
was published
for
github.com/flipped-aurora/gin-vue-admin/server
(Go)
Oct 25, 2022
Skipper vulnerable to SSRF via X-Skipper-Proxy
Critical
CVE-2022-38580
was published
for
github.com/zalando/skipper
(Go)
Oct 25, 2022
Gitea vulnerable to Argument Injection
Critical
CVE-2022-42968
was published
for
github.com/go-gitea/gitea
(Go)
Oct 16, 2022
Gogs vulnerable to Cross-site Scripting
Critical
CVE-2022-32174
was published
for
gogs.io/gogs
(Go)
Oct 11, 2022
xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service
Critical
CVE-2020-25614
was published
for
github.com/antchfx/xmlquery
(Go)
Oct 7, 2022
Caddy vulnerable to Authentication Bypass due to mishandling of TLS client authentication
Critical
CVE-2018-21246
was published
for
github.com/caddyserver/caddy
(Go)
Oct 6, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
Labstack Echo Open Redirect vulnerability
Critical
CVE-2022-40083
was published
for
github.com/labstack/echo/v4
(Go)
Sep 29, 2022
Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials
Critical
CVE-2021-36782
was published
for
github.com/rancher/rancher
(Go)
Sep 23, 2022
HashiCorp Vault vulnerable to incorrect metadata access
Critical
CVE-2022-40186
was published
for
github.com/hashicorp/vault
(Go)
Sep 23, 2022
Elrond-go has improper initialization
Critical
CVE-2022-36061
was published
for
github.com/ElrondNetwork/elrond-go
(Go)
Sep 16, 2022
Casdoor arbitrary file write vulnerability
Critical
CVE-2022-38638
was published
for
github.com/casdoor/casdoor
(Go)
Sep 10, 2022
Path Traversal in Beego
Critical
CVE-2022-31836
was published
for
github.com/beego/beego
(Go)
Jul 6, 2022
Improper Restriction of Excessive Authentication Attempts
Critical
CVE-2022-2321
was published
for
github.com/heroiclabs/nakama/v3
(Go)
Jul 6, 2022
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
Argo CD's external URLs for Deployments can include JavaScript
Critical
CVE-2022-31035
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Signature forgery in Biscuit
Critical
CVE-2022-31053
was published
for
biscuit-auth
(Go)
Jun 17, 2022
Authorization Bypass Through User-Controlled Key in go-restful
Critical
CVE-2022-1996
was published
for
github.com/emicklei/go-restful
(Go)
Jun 9, 2022
OS Command Injection in file editor in Gogs
Critical
CVE-2022-1986
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Path Traversal in file editor on Windows in Gogs
Critical
CVE-2022-1992
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Privilege escalation in Hashicorp Nomad
Critical
CVE-2022-30324
was published
for
github.com/hashicorp/nomad
(Go)
Jun 3, 2022
ProTip!
Advisories are also available from the
GraphQL API