Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,023
Erlang
29
GitHub Actions
16
Go
1,830
Maven
5,000+
npm
3,573
NuGet
632
pip
3,156
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+

188 advisories

Loading
Gitea Cross-site Scripting Vulnerability Critical
CVE-2024-6886 was published for code.gitea.io/gitea (Go) Aug 6, 2024
pREST vulnerable to jwt bypass + sql injection Critical
GHSA-wm25-j4gw-6vr3 was published for github.com/prest/prest (Go) Jul 30, 2024
mihail8531
Authz zero length regression Critical
CVE-2024-41110 was published for github.com/docker/docker (Go) Jul 30, 2024
corhere westonsteimel
Volcano has insecure permissions Critical
CVE-2024-36533 was published for github.com/volcano-sh/volcano (Go) Jul 24, 2024
1Panel has an SQL injection issue related to the orderBy clause Critical
CVE-2024-39907 was published for github.com/1Panel-dev/1Panel (Go) Jul 18, 2024
xuebibibibibi
Gogs allows argument injection during the previewing of changes Critical
CVE-2024-39932 was published for github.com/gogs/gogs (Go) Jul 4, 2024
Gogs allows deletion of internal files Critical
CVE-2024-39931 was published for github.com/gogs/gogs (Go) Jul 4, 2024
github.com/gogs/gogs affected by CVE-2024-39930 Critical
CVE-2024-39930 was published for github.com/gogs/gogs (Go) Jul 4, 2024
Session Middleware Token Injection Vulnerability Critical
CVE-2024-38513 was published for github.com/gofiber/fiber (Go) Jul 1, 2024
sixcolors
Gin mishandles a wildcard at the end of an origin string Critical
CVE-2019-25211 was published for github.com/gin-contrib/cors (Go) Jun 29, 2024
rke's credentials are stored in the RKE1 Cluster state ConfigMap Critical
CVE-2023-32191 was published for github.com/rancher/rke (Go) Jun 17, 2024
Files or Directories Accessible to External Parties in ProjectDiscovery Critical
CVE-2024-5262 was published for github.com/projectdiscovery/interactsh (Go) Jun 5, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache Critical
CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) May 21, 2024
oreenlivnicode leoluz
crenshaw-dev mkilchhofer todaywasawesome pasha-codefresh
Grafana Race condition allowing privilege escalation Critical
CVE-2022-39328 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Fine-grained access control vulnerability Critical
CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024
tiagorlampert CHAOS vulnerable to arbitrary code execution Critical
CVE-2024-33434 was published for github.com/tiagorlampert/CHAOS (Go) May 7, 2024
Some CORS middleware allow untrusted origins Critical
GHSA-v84h-653v-4pq9 was published for github.com/jub0bs/fcors (Go) May 3, 2024
jub0bs
Some CORS middleware allow untrusted origins Critical
GHSA-vhxv-fg4m-p2w8 was published for github.com/jub0bs/cors (Go) May 3, 2024
jub0bs
Improper Access Control in Gitea Critical
CVE-2020-28991 was published for github.com/go-gitea/gitea (Go) Apr 24, 2024
Privilege Escalation in kubevirt Critical
CVE-2020-14316 was published for kubevirt.io/kubevirt (Go) Apr 24, 2024
HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches Critical
CVE-2024-3817 was published for github.com/hashicorp/go-getter (Go) Apr 17, 2024
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit Critical
GHSA-v6rw-hhgg-wc4x was published for github.com/evmos/evmos/v11 (Go) Apr 17, 2024
Evmos transaction execution not accounting for all state transition after interaction with precompiles Critical
CVE-2024-32644 was published for github.com/evmos/evmos/v16 (Go) Apr 10, 2024
iczc
LocalAI Command Injection in audioToWav Critical
CVE-2024-2029 was published for github.com/go-skynet/LocalAI (Go) Apr 10, 2024
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks Critical
GHSA-j496-crgh-34mx was published for github.com/cosmos/ibc-go (Go) Apr 5, 2024
mdulin2
ProTip! Advisories are also available from the GraphQL API