GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,023
Erlang: 29
GitHub Actions: 16
Go: 1,830
Maven: 5,000+
npm: 3,573
NuGet: 632
pip: 3,156
Pub: 10
RubyGems: 847
Rust: 796
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
188 advisories
Command Injection in CasaOS
Critical | CVE-2022-24193 was published for github.com/IceWhaleTech/CasaOS (Go) | Mar 11, 2022

Off-by-one Error in v2fly/v2ray-core
Critical | CVE-2021-4070 was published for github.com/v2fly/v2ray-core (Go) | Feb 24, 2022

SQL Injection in Couchbase Sync Gateway
Critical | CVE-2019-9039 was published for github.com/couchbase/sync_gateway (Go) | Feb 15, 2022

Privilege Escalation in Kubernetes
Critical | CVE-2018-1002105 was published for github.com/kubernetes/kubernetes (Go) | Feb 15, 2022

Use After Free in HashiCorp Nomad
Critical | CVE-2020-27195 was published for github.com/hashicorp/nomad (Go) | Feb 15, 2022

Grafana Authentication Bypass
Critical | CVE-2018-15727 was published for github.com/grafana/grafana (Go) | Feb 15, 2022

Gitea Remote Code Execution (RCE)
Critical | CVE-2018-18926 was published for code.gitea.io/gitea (Go) | Feb 15, 2022

nats-io/jwt not enforcing checking of Import token permissions
Critical | CVE-2021-3127 was published for github.com/nats-io/jwt (Go) | Feb 15, 2022

Authentication Bypass in github.com/russellhaering/gosaml2
Critical | CVE-2020-29509 was published for github.com/russellhaering/gosaml2 (Go) | Feb 11, 2022

Incorrect handling of credential expiry by /nats-io/nats-server
Critical | CVE-2020-26892 was published for github.com/nats-io/jwt (Go) | Feb 11, 2022

Git LFS can execute a Git binary from the current directory
Critical | CVE-2020-27955 was published for github.com/git-lfs/git-lfs (Go) | Feb 11, 2022

Reuse of one time passwords allowed in Gitea
Critical | CVE-2021-45331 was published for code.gitea.io/gitea (Go) | Feb 10, 2022

Improper Privilege Management in Gitea
Critical | CVE-2021-45330 was published for code.gitea.io/gitea (Go) | Feb 10, 2022

Capture-replay in Gitea
Critical | CVE-2021-45327 was published for github.com/go-gitea/gitea (Go) | Feb 9, 2022

Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme
Critical | GHSA-gp6j-vx54-5pmf was published for github.com/keep-network/keep-ecdsa (Go) | Jan 6, 2022

GitLab auth uses full name instead of username as user ID, allowing impersonation
Critical | CVE-2020-5415 was published for github.com/concourse/concourse (Go) | Dec 20, 2021

Critical security issues in XML encoding in github.com/dexidp/dex
Critical | CVE-2020-26290 was published for github.com/dexidp/dex (Go) | Dec 20, 2021

Authentication Bypass in dex
Critical | CVE-2020-27847 was published for github.com/dexidp/dex (Go) | Dec 20, 2021

Authorization bypass in Openshift
Critical | CVE-2016-1906 was published for github.com/openshift/origin (Go) | Dec 20, 2021

Authelia vulnerable to an authentication bypassed with malformed request URI on nginx
Critical | CVE-2021-32637 was published for github.com/authelia/authelia/v4 (Go) | Dec 20, 2021

HashiCorp Vault Incorrect Permission Assignment for Critical Resource
Critical | CVE-2021-43998 was published for github.com/hashicorp/vault (Go) | Dec 2, 2021

Tarslip in go-unarr
Critical | CVE-2021-38197 was published for github.com/gen2brain/go-unarr (Go) | Sep 1, 2021

HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0
Critical | CVE-2021-38553 was published for github.com/hashicorp/vault (Go) | Aug 30, 2021

Improper Authentication in Pion DTLS
Critical | CVE-2019-20786 was published for github.com/pion/dtls (Go) | Jun 29, 2021

Path Traversal in Dutchcoders transfer.sh
Critical | CVE-2021-33497 was published for github.com/dutchcoders/transfer.sh (Go) | Jun 29, 2021

ProTip! Advisories are also available from the GraphQL API.