GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM
High
GHSA-34vw-m4rh-r36p
was published
for
github.com/talos-systems/talos
(Go)
Sep 16, 2022
GoBase Race Condition vulnerability
Low
CVE-2022-2583
was published
for
github.com/ntbosscher/gobase
(Go)
Dec 28, 2022
efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts
Moderate
CVE-2022-46174
was published
for
github.com/kubernetes-sigs/aws-efs-csi-driver
(Go)
Dec 30, 2022
HashiCorp Nomad Artifact Download Race Condition
Moderate
CVE-2022-24686
was published
for
github.com/hashicorp/nomad
(Go)
Feb 15, 2022
Answer vulnerable to Race Condition
Moderate
CVE-2023-0739
was published
for
github.com/answerdev/answer
(Go)
Feb 8, 2023
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
High
CVE-2021-30465
was published
for
github.com/opencontainers/runc
(Go)
May 25, 2021
gobase subject to Incorrect routing of some HTTP requests when using httpauth due to a race condition
Low
GHSA-h2x7-2ff6-v32p
was published
for
github.com/ntbosscher/gobase
(Go)
Feb 11, 2022
Beego has a file creation race condition
Moderate
CVE-2019-16354
was published
for
github.com/astaxie/beego
(Go)
Aug 2, 2021
LXD vulnerable to Race Condition
High
CVE-2015-1340
was published
for
github.com/lxc/lxd
(Go)
May 24, 2022
ZITADEL race condition in lockout policy execution
High
CVE-2023-47111
was published
for
github.com/zitadel/zitadel
(Go)
Nov 8, 2023
Fabric vulnerable to crosslinking transaction attack
High
CVE-2023-46132
was published
for
github.com/hyperledger/fabric
(Go)
Nov 14, 2023
Harbor timing attack risk
Moderate
CVE-2023-20902
was published
for
github.com/goharbor/harbor
(Go)
Oct 10, 2023
Deis Workflow Manager race condition vulnerability
Moderate
CVE-2016-15036
was published
for
github.com/deis/workflow-manager
(Go)
Dec 23, 2023
github.com/go-resty/resty/v2 HTTP request body disclosure
Moderate
CVE-2023-45286
was published
for
github.com/go-resty/resty/v2
(Go)
Nov 28, 2023
Apache Answer Race Condition vulnerability
Low
CVE-2023-49619
was published
for
github.com/apache/incubator-answer
(Go)
Jan 10, 2024
BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts
High
CVE-2024-23651
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
Pterodactyl Wings vulnerable to improper isolation of server file access
Critical
CVE-2024-27102
was published
for
github.com/pterodactyl/wings
(Go)
Mar 15, 2024
opencontainers runc contains procfs race condition with a shared volume mount
Moderate
CVE-2019-19921
was published
for
github.com/opencontainers/runc
(Go)
May 27, 2021
Grafana Race condition allowing privilege escalation
Critical
CVE-2022-39328
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability
Moderate
CVE-2024-35255
was published
for
@azure/identity
(Go)
Jun 11, 2024
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability
Moderate
GHSA-rvj4-q8q5-8grf
was published
for
github.com/traefik/traefik/v2
(Go)
Jun 20, 2024
Policy bypass for Host Firewall policy due to race condition in Cilium agent
Moderate
CVE-2024-42488
was published
for
github.com/cilium/cilium
(Go)
Aug 15, 2024
Incorrect delegation lookups can make go-tuf download the wrong artifact
High
CVE-2024-47534
was published
for
github.com/theupdateframework/go-tuf/v2
(Go)
Oct 1, 2024
Argo Workflows Controller: Denial of Service via malicious daemon Workflows
Moderate
CVE-2024-47827
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Oct 28, 2024
snapd Race Condition vulnerability
Critical
CVE-2022-3328
was published
for
github.com/snapcore/snapd
(Go)
Jan 8, 2024
ProTip!
Advisories are also available from the
GraphQL API