Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

47 advisories

Loading
req may send an unintended request when a malformed URL is provided High
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Use of a Broken or Risky Cryptographic Algorithm in Terraform High
CVE-2019-19316 was published for github.com/hashicorp/terraform (Go) May 18, 2021
Kubernetes Improper Input Validation vulnerability High
CVE-2023-5528 was published for k8s.io/kubernetes (Go) Nov 14, 2023
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation High
CVE-2023-5044 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
joshbressers
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing High
GHSA-74fp-r6jw-h4mp was published for k8s.io/apimachinery (Go) Feb 8, 2023
Cloud Foundry Routing Improper Input Validation vulnerability High
CVE-2019-11289 was published for code.cloudfoundry.org/gorouter (Go) May 18, 2021
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions High
GHSA-95rx-m9m5-m94v was published for github.com/cosmos/cosmos-sdk (Go) Mar 12, 2024
Improper HTML sanitization in ZITADEL High
CVE-2024-28855 was published for github.com/zitadel/zitadel (Go) Mar 18, 2024
Coder's OIDC authentication allows email with partially matching domain to register High
CVE-2024-27918 was published for github.com/coder/coder (Go) Mar 4, 2024
arcz maxammann
Ingress-nginx path sanitization can be bypassed High
CVE-2022-4886 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions High
CVE-2022-36085 was published for github.com/open-policy-agent/opa (Go) Sep 16, 2022
anderseknert
Arbitrary filepath traversal via URI injection High
CVE-2021-3907 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Maliciously crafted Git server replies can cause DoS on go-git clients High
CVE-2023-49568 was published for github.com/go-git/go-git/v5 (Go) Dec 27, 2023
bdilalu
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation High
CVE-2023-3893 was published for github.com/kubernetes-csi/csi-proxy (Go) Nov 3, 2023
Kubernetes privilege escalation vulnerability High
CVE-2023-3676 was published for k8s.io/kubernetes (Go) Oct 31, 2023
Woodpecker does not validate webhook before changing any data High
CVE-2023-40034 was published for github.com/woodpecker-ci/woodpecker (Go) Aug 16, 2023
anbraten 6543
Kubernetes privilege escalation vulnerability High
CVE-2023-3955 was published for k8s.io/kubernetes (Go) Oct 31, 2023
usememos/memos vulnerable to improper input validation High
CVE-2023-4698 was published for github.com/usememos/memos (Go) Sep 1, 2023
Possible image tampering from missing image validation for Packages High
CVE-2023-38495 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
mx-chain-go does not treat invalid transaction with wrong username correctly High
CVE-2023-33964 was published for github.com/multiversx/mx-chain-go (Go) Jun 2, 2023
Ingress nginx annotation injection causes arbitrary command execution High
CVE-2023-5043 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
Sylabs Singularity Improper Input Validation High
CVE-2018-19295 was published for github.com/sylabs/singularity (Go) May 14, 2022
GitHub Git LFS Arbitrary command execution vulnerability High
CVE-2017-17831 was published for github.com/git-lfs/git-lfs (Go) May 14, 2022
Improper Input Validation in vault-ssh-helper High
CVE-2020-24359 was published for github.com/hashicorp/vault-ssh-helper (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API