GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
739 advisories
Filter by severity
Potential inter-blockchain communication (IBC) protocol compromise via "Dragonberry" vulnerability in cheqd
High
GHSA-j92c-mmf7-j5x5
was published
for
github.com/cheqd/cheqd-node
(Go)
Oct 18, 2022
Prometheus vulnerable to basic authentication bypass
High
GHSA-4v48-4q5m-8vx4
was published
for
github.com/prometheus/prometheus
(Go)
Dec 5, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High
GHSA-28q9-9c3g-v3f9
was published
for
github.com/treeverse/lakefs
(Go)
Sep 23, 2022
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
High
GHSA-gmhj-xjfh-cf6m
was published
for
github.com/mohammed90/caddy-ssh
(Go)
Sep 23, 2022
Arbitrary Code Execution
High
CVE-2014-9357
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Improper Privilege Management in HashiCorp Nomad
High
CVE-2021-3283
was published
for
github.com/hashicorp/nomad
(Go)
Jun 24, 2021
Arbitrary Code Execution in Docker
High
CVE-2014-6407
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Listing of upload directory contents possible
High
GHSA-qmfx-75ff-8mw6
was published
for
github.com/ThomasLeister/prosody-filer
(Go)
May 27, 2021
Improper Input Validation in libseccomp-golang
High
CVE-2017-18367
was published
for
github.com/seccomp/libseccomp-golang
(Go)
May 18, 2021
Improper Access Control in Lightning Network Daemon
High
CVE-2019-12999
was published
for
github.com/lightningnetwork/lnd
(Go)
May 18, 2021
Insufficient Session Expiration in Kiali
High
CVE-2020-1762
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
Denial of Service in Gitea
High
CVE-2020-13246
was published
for
github.com/go-gitea/gitea
(Go)
Feb 15, 2022
Path traversal in github.com/ipfs/go-ipfs
High
CVE-2020-26279
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Exposure of server configuration in github.com/go-vela/server
High
CVE-2020-26294
was published
for
github.com/go-vela/compiler
(Go)
Feb 15, 2022
S3 storage write is not aborted on errors leading to unbounded memory usage
High
GHSA-m6m5-pp4g-fcc8
was published
for
github.com/foxcpp/maddy
(Go)
Oct 6, 2021
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
High
GHSA-qvp4-rpmr-xwrr
was published
for
github.com/ory/oathkeeper
(Go)
Jun 23, 2021
Lookup function information discolosure in helm
High
CVE-2020-11013
was published
for
helm.sh/helm/v3
(Go)
May 27, 2021
Improper Authorization in github.com/containers/libpod
High
CVE-2021-20188
was published
for
github.com/containers/libpod
(Go)
May 18, 2021
Improper Certificate Validation in HashiCorp Nomad
High
CVE-2020-7956
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints
High
GHSA-m7vp-hqwv-7m5x
was published
for
github.com/spiffe/spire
(Go)
Jan 12, 2022
Daemon panics when processing certain blocks
High
GHSA-mcq2-w56r-5w2w
was published
for
github.com/ipld/go-ipfs
(Go)
Apr 8, 2022
Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM
High
GHSA-34vw-m4rh-r36p
was published
for
github.com/talos-systems/talos
(Go)
Sep 16, 2022
Path traversal in u-root
High
CVE-2020-7665
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
Execution Control List (ECL) Is Insecure in Singularity
High
CVE-2020-13845
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
ProTip!
Advisories are also available from the
GraphQL API