GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
High
CVE-2024-0793
was published
for
k8s.io/kubernetes
(Go)
Nov 17, 2024
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
High
CVE-2024-38359
was published
for
github.com/lightningnetwork/lnd
(Go)
Jun 20, 2024
Grafana Email addresses and usernames can not be trusted
High
CVE-2022-39306
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Heketi Arbitrary Code Execution
High
CVE-2017-15103
was published
for
github.com/heketi/heketi
(Go)
Apr 24, 2024
Improper HTML sanitization in ZITADEL
High
CVE-2024-28855
was published
for
github.com/zitadel/zitadel
(Go)
Mar 18, 2024
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions
High
GHSA-95rx-m9m5-m94v
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Mar 12, 2024
Coder's OIDC authentication allows email with partially matching domain to register
High
CVE-2024-27918
was published
for
github.com/coder/coder
(Go)
Mar 4, 2024
Maliciously crafted Git server replies can cause DoS on go-git clients
High
CVE-2023-49568
was published
for
github.com/go-git/go-git/v5
(Go)
Dec 27, 2023
Kubernetes Improper Input Validation vulnerability
High
CVE-2023-5528
was published
for
k8s.io/kubernetes
(Go)
Nov 14, 2023
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
High
CVE-2023-3893
was published
for
github.com/kubernetes-csi/csi-proxy
(Go)
Nov 3, 2023
Kubernetes privilege escalation vulnerability
High
CVE-2023-3676
was published
for
k8s.io/kubernetes
(Go)
Oct 31, 2023
Kubernetes privilege escalation vulnerability
High
CVE-2023-3955
was published
for
k8s.io/kubernetes
(Go)
Oct 31, 2023
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
High
CVE-2023-5044
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
Ingress nginx annotation injection causes arbitrary command execution
High
CVE-2023-5043
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
Ingress-nginx path sanitization can be bypassed
High
CVE-2022-4886
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
usememos/memos vulnerable to improper input validation
High
CVE-2023-4698
was published
for
github.com/usememos/memos
(Go)
Sep 1, 2023
Woodpecker does not validate webhook before changing any data
High
CVE-2023-40034
was published
for
github.com/woodpecker-ci/woodpecker
(Go)
Aug 16, 2023
Possible image tampering from missing image validation for Packages
High
CVE-2023-38495
was published
for
github.com/crossplane/crossplane
(Go)
Jul 28, 2023
mx-chain-go does not treat invalid transaction with wrong username correctly
High
CVE-2023-33964
was published
for
github.com/multiversx/mx-chain-go
(Go)
Jun 2, 2023
Kubernetes vulnerable to validation bypass
High
CVE-2022-3294
was published
for
github.com/kubernetes/kubernetes
(Go)
Mar 1, 2023
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
High
GHSA-74fp-r6jw-h4mp
was published
for
k8s.io/apimachinery
(Go)
Feb 8, 2023
nosurf vulnerable to improper input validation
High
CVE-2020-36564
was published
for
github.com/justinas/nosurf
(Go)
Dec 28, 2022
Witness Block Parsing DoS Vulnerability
High
CVE-2022-39389
was published
for
github.com/lightningnetwork/lnd
(Go)
Nov 18, 2022
Remote denial of service in Hyperledger Fabric Gateway
High
CVE-2022-36023
was published
for
github.com/hyperledger/fabric
(Go)
Oct 13, 2022
Cloudflare GoFlow vulnerable to a Denial of Service in the sflow packet handling package
High
CVE-2022-2529
was published
for
github.com/cloudflare/goflow/v3
(Go)
Oct 1, 2022
ProTip!
Advisories are also available from the
GraphQL API