GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,830 advisories
Filter by severity
Path Traversal in Dutchcoders transfer.sh
Critical
CVE-2021-33497
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Jun 29, 2021
Cross-site scripting in Dutchcoders transfer.sh
Moderate
CVE-2021-33496
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Jun 29, 2021
CRLF vulnerability in Fiber
Moderate
CVE-2020-15111
was published
for
github.com/gofiber/fiber
(Go)
Jun 29, 2021
Go Ethereum Denial of Service
High
CVE-2018-19184
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Consensus flaw during block processing in github.com/ethereum/go-ethereum
Moderate
CVE-2020-26265
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Denial of service in github.com/ethereum/go-ethereum
Moderate
CVE-2020-26264
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Denial of service in go-ethereum due to CVE-2020-28362
Critical
GHSA-m6gx-rhvj-fh52
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Denial of service in geth
Moderate
CVE-2020-26242
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Shallow copy bug in geth
Moderate
CVE-2020-26241
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Erroneous Proof of Work calculation in geth
Moderate
CVE-2020-26240
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Cross-site Scripting in Gogs
Moderate
CVE-2014-8683
was published
for
gogs.io/gogs
(Go)
Jun 29, 2021
SQL Injection in gogs.io/gogs
Moderate
CVE-2014-8681
was published
for
github.com/gogits/gogs
(Go)
Jun 29, 2021
Improper Privilege Management in HashiCorp Nomad
High
CVE-2021-3283
was published
for
github.com/hashicorp/nomad
(Go)
Jun 24, 2021
Improper network isolation in Hashicorp Nomad
Moderate
CVE-2021-32575
was published
for
github.com/hashicorp/nomad
(Go)
Jun 24, 2021
Incorrect Authorization in ORY Oathkeeper
High
CVE-2021-32701
was published
for
github.com/ory/oathkeeper
(Go)
Jun 24, 2021
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Moderate
CVE-2021-21303
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
Plugin archive directory traversal in Helm
Low
CVE-2020-4053
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
Duplicate Advisory: Helm passes repository credentials to alternate domain
Moderate
GHSA-7jr6-prv4-5wf5
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
•
withdrawn
Helm passes repository credentials to alternate domain
Moderate
CVE-2021-32690
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network
Moderate
GHSA-6rg3-8h8x-5xfv
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Moderate
CVE-2021-32699
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
Helm uses crypto package vulnerable to panic from malformed X.509 certificate
High
CVE-2020-7919
was published
for
github.com/helm/helm
(Go)
Jun 23, 2021
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
High
GHSA-qvp4-rpmr-xwrr
was published
for
github.com/ory/oathkeeper
(Go)
Jun 23, 2021
ProTip!
Advisories are also available from the
GraphQL API