GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
189 advisories
HashiCorp Vault vulnerable to incorrect metadata access. Critical. CVE-2022-40186 was published for github.com/hashicorp/vault (Go), Sep 23, 2022.
Improper kubeconfig validation allows arbitrary code execution. Critical. CVE-2022-24817 was published for github.com/fluxcd/flux2 (Go), May 16, 2022.
Gogs vulnerable to Cross-site Scripting. Critical. CVE-2022-32174 was published for gogs.io/gogs (Go), Oct 11, 2022.
Authentication Bypass in dex. Critical. CVE-2020-27847 was published for github.com/dexidp/dex (Go), Dec 20, 2021.
Git LFS can execute a Git binary from the current directory. Critical. CVE-2020-27955 was published for github.com/git-lfs/git-lfs (Go), Feb 11, 2022.
Authentication Bypass in tyk-identity-broker. Critical. CVE-2021-23365 was published for github.com/tyktechnologies/tyk-identity-broker (Go), Jun 23, 2021.
Path Traversal in Dutchcoders transfer.sh. Critical. CVE-2021-33497 was published for github.com/dutchcoders/transfer.sh (Go), Jun 29, 2021.
Improper path handling in kustomization files allows path traversal. Critical. CVE-2022-24877 was published for github.com/fluxcd/flux2 (Go), May 4, 2022.
Rancher API and cluster.management.cattle.io object vulnerable to plaintext storage and exposure of credentials. Critical. CVE-2021-36782 was published for github.com/rancher/rancher (Go), Sep 23, 2022.
Gitea vulnerable to Argument Injection. Critical. CVE-2022-42968 was published for github.com/go-gitea/gitea (Go), Oct 16, 2022.
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0. Critical. CVE-2021-38553 was published for github.com/hashicorp/vault (Go), Aug 30, 2021.
Gin-vue-admin subject to Remote Code Execution via file upload vulnerability. Critical. CVE-2022-39345 was published for github.com/flipped-aurora/gin-vue-admin/server (Go), Oct 25, 2022.
KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys. Critical. CVE-2023-22463 was published for github.com/KubeOperator/kubepi (Go), Jan 6, 2023.
Alist vulnerable to Path Traversal. Critical. CVE-2022-45969 was published for github.com/alist-org/alist/v3 (Go), Dec 16, 2022.
Squalor SQL Injection vulnerability. Critical. CVE-2020-36645 was published for github.com/square/squalor (Go), Jan 7, 2023.
Improper Privilege Management in Gitea. Critical. CVE-2021-45330 was published for code.gitea.io/gitea (Go), Feb 10, 2022.
owncast is vulnerable to SQL Injection. Critical. CVE-2022-3751 was published for github.com/owncast/owncast (Go), Nov 29, 2022.
OS Command Injection in gogs. Critical. CVE-2021-32546 was published for gogs.io/gogs (Go), Jun 2, 2022.
Improper Restriction of Excessive Authentication Attempts. Critical. CVE-2022-2321 was published for github.com/heroiclabs/nakama/v3 (Go), Jul 6, 2022.
HashiCorp Vault Incorrect Permission Assignment for Critical Resource. Critical. CVE-2021-43998 was published for github.com/hashicorp/vault (Go), Dec 2, 2021.
Weave GitOps leaked cluster credentials into logs on connection errors. Critical. CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go), Jun 23, 2022.
Path Traversal in file editor on Windows in Gogs. Critical. CVE-2022-1992 was published for gogs.io/gogs (Go), Jun 8, 2022.
OS Command Injection in file editor in Gogs. Critical. CVE-2022-1986 was published for gogs.io/gogs (Go), Jun 8, 2022.
Privilege escalation in Hashicorp Nomad. Critical. CVE-2022-30324 was published for github.com/hashicorp/nomad (Go), Jun 3, 2022.
Elrond-go has improper initialization. Critical. CVE-2022-36061 was published for github.com/ElrondNetwork/elrond-go (Go), Sep 16, 2022.
Advisories are also available from the GraphQL API.