Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
req may send an unintended request when a malformed URL is provided High
CVE-2024-45258 was published for github.com/imroc/req (Go) Aug 26, 2024
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
Improper HTML sanitization in ZITADEL High
CVE-2024-28855 was published for github.com/zitadel/zitadel (Go) Mar 18, 2024
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions High
GHSA-95rx-m9m5-m94v was published for github.com/cosmos/cosmos-sdk (Go) Mar 12, 2024
Coder's OIDC authentication allows email with partially matching domain to register High
CVE-2024-27918 was published for github.com/coder/coder (Go) Mar 4, 2024
arcz maxammann
Maliciously crafted Git server replies can cause DoS on go-git clients High
CVE-2023-49568 was published for github.com/go-git/go-git/v5 (Go) Dec 27, 2023
bdilalu
Kubernetes Improper Input Validation vulnerability High
CVE-2023-5528 was published for k8s.io/kubernetes (Go) Nov 14, 2023
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation High
CVE-2023-3893 was published for github.com/kubernetes-csi/csi-proxy (Go) Nov 3, 2023
Kubernetes privilege escalation vulnerability High
CVE-2023-3676 was published for k8s.io/kubernetes (Go) Oct 31, 2023
Kubernetes privilege escalation vulnerability High
CVE-2023-3955 was published for k8s.io/kubernetes (Go) Oct 31, 2023
Ingress nginx annotation injection causes arbitrary command execution High
CVE-2023-5043 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation High
CVE-2023-5044 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
joshbressers
Ingress-nginx path sanitization can be bypassed High
CVE-2022-4886 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
usememos/memos vulnerable to improper input validation High
CVE-2023-4698 was published for github.com/usememos/memos (Go) Sep 1, 2023
Woodpecker does not validate webhook before changing any data High
CVE-2023-40034 was published for github.com/woodpecker-ci/woodpecker (Go) Aug 16, 2023
anbraten 6543
Possible image tampering from missing image validation for Packages High
CVE-2023-38495 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
mx-chain-go does not treat invalid transaction with wrong username correctly High
CVE-2023-33964 was published for github.com/multiversx/mx-chain-go (Go) Jun 2, 2023
Kubernetes vulnerable to validation bypass High
CVE-2022-3294 was published for github.com/kubernetes/kubernetes (Go) Mar 1, 2023
aruneko kurt-r2c
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing High
GHSA-74fp-r6jw-h4mp was published for k8s.io/apimachinery (Go) Feb 8, 2023
nosurf vulnerable to improper input validation High
CVE-2020-36564 was published for github.com/justinas/nosurf (Go) Dec 28, 2022
Witness Block Parsing DoS Vulnerability High
CVE-2022-39389 was published for github.com/lightningnetwork/lnd (Go) Nov 18, 2022
Remote denial of service in Hyperledger Fabric Gateway High
CVE-2022-36023 was published for github.com/hyperledger/fabric (Go) Oct 13, 2022
fatal0
Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package High
CVE-2022-2529 was published for github.com/cloudflare/goflow/v3 (Go) Oct 1, 2022
JustinTimperio
Hyperledger Fabric subject to Denial of Service via non-validated request High
CVE-2022-35253 was published for github.com/hyperledger/fabric (Go) Sep 25, 2022
OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions High
CVE-2022-36085 was published for github.com/open-policy-agent/opa (Go) Sep 16, 2022
anderseknert
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database