GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

663 advisories

Boundary vulnerable to session hijacking through TLS certificate tampering (High)
CVE-2024-1052, published for github.com/hashicorp/boundary (Go), Feb 5, 2024

Talos Linux ships runc vulnerable to the escape to the host attack (High)
GHSA-g5p6-327m-3fxx, published for github.com/siderolabs/talos (Go), Feb 2, 2024

Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation (High)
CVE-2024-24747, published for github.com/minio/minio (Go), Feb 1, 2024

Grafana path traversal (High)
CVE-2021-43798, published for github.com/grafana/grafana (Go), Feb 1, 2024

Docker Authentication Bypass (High)
CVE-2018-12608, published for github.com/docker/docker (Go), Jan 31, 2024

Improper Authentication in HashiCorp Vault (High)
CVE-2021-3282, published for github.com/hashicorp/vault (Go), Jan 31, 2024

Denial of service in HashiCorp Consul (High)
CVE-2020-25201, published for github.com/hashicorp/consul (Go), Jan 31, 2024

runc vulnerable to container breakout through process.cwd trickery and leaked fds (High)
CVE-2024-21626, published for github.com/opencontainers/runc (Go), Jan 31, 2024

BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts (High)
CVE-2024-23651, published for github.com/moby/buildkit (Go), Jan 31, 2024

Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability (High)
CVE-2023-44313, published for github.com/apache/servicecomb-service-center (Go), Jan 31, 2024

HashiCorp Vault Authentication bypass (High)
CVE-2020-16251, published for github.com/hashicorp/vault/vault (Go), Jan 31, 2024

Etcd Gateway can include itself as an endpoint resulting in resource exhaustion (High)
CVE-2020-15114, published for go.etcd.io/etcd (Go), Jan 31, 2024

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF (High)
CVE-2024-23828, published for github.com/0xJacky/Nginx-UI (Go), Jan 29, 2024

Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers (High)
CVE-2024-23656, published for github.com/dexidp/dex (Go), Jan 26, 2024

chasquid HTTP Request/Response Smuggling vulnerability (High)
CVE-2023-52354, published for github.com/albertito/chasquid (Go), Jan 22, 2024

github.com/argoproj/argo-cd Cross-Site Request Forgery vulnerability (High)
CVE-2024-22424, published for github.com/argoproj/argo-cd (Go), Jan 19, 2024

Validation of `VoteExtensionsEnableHeight` can cause chain halt in Go package github.com/cometbft/cometbft (High)
GHSA-qr8r-m495-7hc4, published for github.com/cometbft/cometbft (Go), Jan 19, 2024

crystals-go vulnerable to KyberSlash (timing side-channel attack for Kyber) (High)
GHSA-f6jh-hvg2-9525, published for github.com/kudelskisecurity/crystals-go (Go), Jan 17, 2024

Authenticated (user role) arbitrary command execution by modifying `start_cmd` setting (GHSL-2023-268) (High)
CVE-2024-22198, published for github.com/0xJacky/Nginx-UI (Go), Jan 11, 2024

Authenticated (user role) remote command execution by modifying `nginx` settings (GHSL-2023-269) (High)
CVE-2024-22197, published for github.com/0xJacky/Nginx-UI (Go), Jan 11, 2024

Authenticated (user role) SQL injection in `OrderAndPaginate` (GHSL-2023-270) (High)
CVE-2024-22196, published for github.com/0xJacky/Nginx-UI (Go), Jan 11, 2024

snapd Race Condition vulnerability (High)
CVE-2022-3328, published for github.com/snapcore/snapd (Go), Jan 8, 2024

CIRCL's Kyber: timing side-channel (kyberslash2) (High)
GHSA-9763-4f94-gfch, published for github.com/cloudflare/circl (Go), Jan 8, 2024

Withdrawn Advisory: User-provided environment values allow execution on macOS agents (High, withdrawn)
GHSA-vfxf-76hv-v4w4, published for github.com/gravitational/teleport (Go), Jan 3, 2024

Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access (High, withdrawn)
GHSA-c9v7-wmwj-vf6x, published for github.com/gravitational/teleport (Go), Jan 3, 2024