Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
Improper Input Validation in k8s.io/ingress-nginx High
CVE-2021-25745 was published for k8s.io/ingress-nginx (Go) May 7, 2022
Hyperledger Fabric subject to Denial of Service via non-validated request High
CVE-2022-35253 was published for github.com/hyperledger/fabric (Go) Sep 25, 2022
Witness Block Parsing DoS Vulnerability High
CVE-2022-39389 was published for github.com/lightningnetwork/lnd (Go) Nov 18, 2022
Remote denial of service in Hyperledger Fabric Gateway High
CVE-2022-36023 was published for github.com/hyperledger/fabric (Go) Oct 13, 2022
fatal0
elrond-go MultiESDTNFTTransfer call on a SC address with missing function name High
CVE-2022-36058 was published for github.com/ElrondNetwork/elrond-go (Go) Sep 1, 2022
Files or Directories Accessible to External Parties in kubernetes High
CVE-2021-25741 was published for k8s.io/kubernetes (Go) Nov 1, 2021
nosurf vulnerable to improper input validation High
CVE-2020-36564 was published for github.com/justinas/nosurf (Go) Dec 28, 2022
Lookup operations do not take into account wildcards in SpiceDB High
CVE-2022-21646 was published for github.com/authzed/spicedb (Go) Jan 13, 2022
vroldanbet
NUL character in ROA causes OctoRPKI to crash High
CVE-2021-3910 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Improper Input Validation in GoGo Protobuf High
CVE-2021-3121 was published for github.com/gogo/protobuf (Go) Mar 28, 2022
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9 High
CVE-2022-2385 was published for sigs.k8s.io/aws-iam-authenticator (Go) Jul 13, 2022
tdunlap607
Kubernetes vulnerable to validation bypass High
CVE-2022-3294 was published for github.com/kubernetes/kubernetes (Go) Mar 1, 2023
aruneko kurt-r2c
Improper token validation leading to code execution in Teleport High
CVE-2022-36633 was published for github.com/gravitational/teleport (Go) Aug 25, 2022
mastercactapus proxyprotocol vulnerable to denial of service High
CVE-2019-14243 was published for github.com/mastercactapus/proxyprotocol (Go) May 24, 2022
Improper Input Validation and Excessive Iteration in Go Facebook Thrift High
CVE-2019-3564 was published for github.com/facebook/fbthrift (Go) Feb 15, 2022
oliverchang
XML Entity Expansion and Improper Input Validation in Kubernetes API server High
CVE-2019-11253 was published for k8s.io/kubernetes (Go) May 18, 2021
Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package High
CVE-2022-2529 was published for github.com/cloudflare/goflow/v3 (Go) Oct 1, 2022
JustinTimperio
Hyperledger Fabric vulnerable to Improper Input Validation in orderer/common/cluster consensus request High
CVE-2022-31121 was published for github.com/hyperledger/fabric (Go) Jul 8, 2022
fatal0
Go Ethereum Improper Input Validation High
CVE-2018-16733 was published for github.com/ethereum/go-ethereum (Go) May 18, 2021
Gitea Improper Input Validation High
CVE-2019-11228 was published for github.com/go-gitea/gitea (Go) Feb 15, 2022
containernetworking/cni improper limitation of path name High
CVE-2021-20206 was published for github.com/containernetworking/cni (Go) Feb 15, 2022
Improper Input Validation in vault-ssh-helper High
CVE-2020-24359 was published for github.com/hashicorp/vault-ssh-helper (Go) Feb 15, 2022
GitHub Git LFS Arbitrary command execution vulnerability High
CVE-2017-17831 was published for github.com/git-lfs/git-lfs (Go) May 14, 2022
Sylabs Singularity Improper Input Validation High
CVE-2018-19295 was published for github.com/sylabs/singularity (Go) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database