Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,062
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,622
NuGet
638
pip
3,233
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

14 advisories

Loading
Authentication bypass issue in the Operator Console High
CVE-2021-41266 was published for github.com/minio/console (Go) Nov 15, 2021
Alevsk
Denial of service in Grafana Moderate
CVE-2021-27358 was published for github.com/grafana/grafana (Go) Feb 15, 2022
DevSpace vulnerable to remote code execution Critical
CVE-2020-15391 was published for github.com/loft-sh/devspace (Go) May 24, 2022
Missing Role Based Access Control for the REST handlers in bleve/http package Moderate
CVE-2022-31022 was published for github.com/blevesearch/bleve (Go) Jun 3, 2022
Dapr Dashboard vulnerable to Incorrect Access Control High
CVE-2022-38817 was published for github.com/dapr/dashboard (Go) Oct 4, 2022
KubeView vulnerable to full cluster takeover due to improper authentication Critical
CVE-2022-45933 was published for github.com/benc-uk/kubeview (Go) Nov 27, 2022
CasaOS Gateway vulnerable to incorrect identification of source IP addresses Critical
CVE-2023-37265 was published for github.com/IceWhaleTech/CasaOS-Gateway (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource
Answer Missing Authentication for Critical Function High
CVE-2023-4815 was published for github.com/answerdev/answer (Go) Sep 7, 2023
sing-box vulnerable to improper authentication in the SOCKS inbound Critical
CVE-2023-43644 was published for github.com/sagernet/sing (Go) Sep 26, 2023
Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy Moderate
CVE-2023-41333 was published for github.com/cilium/cilium (Go) Sep 27, 2023
odinuge
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records Moderate
CVE-2020-15136 was published for go.etcd.io/etcd (Go) Jan 31, 2024
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
Navidrome uses MD5 hashing algorithm Moderate
CVE-2024-41259 was published for github.com/navidrome/navidrome (Go) Aug 1, 2024
Chisel's AUTH environment variable not respected in server entrypoint High
CVE-2024-43798 was published for github.com/jpillora/chisel (Go) Aug 27, 2024
lleyton korewaChino
jpillora
ProTip! Advisories are also available from the GraphQL API