GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
50 advisories
Filter by severity
Cloud Foundry Routing Improper Input Validation vulnerability
High
CVE-2019-11289
was published
for
code.cloudfoundry.org/gorouter
(Go)
May 18, 2021
XML Entity Expansion and Improper Input Validation in Kubernetes API server
High
CVE-2019-11253
was published
for
k8s.io/kubernetes
(Go)
May 18, 2021
Use of a Broken or Risky Cryptographic Algorithm in Terraform
High
CVE-2019-19316
was published
for
github.com/hashicorp/terraform
(Go)
May 18, 2021
Go Ethereum Improper Input Validation
High
CVE-2018-16733
was published
for
github.com/ethereum/go-ethereum
(Go)
May 18, 2021
Policies not properly enforced in bluemonday
High
CVE-2021-42576
was published
for
github.com/microcosm-cc/bluemonday
(Go)
Oct 19, 2021
Files or Directories Accessible to External Parties in kubernetes
High
CVE-2021-25741
was published
for
k8s.io/kubernetes
(Go)
Nov 1, 2021
Arbitrary filepath traversal via URI injection
High
CVE-2021-3907
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
NUL character in ROA causes OctoRPKI to crash
High
CVE-2021-3910
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Lookup operations do not take into account wildcards in SpiceDB
High
CVE-2022-21646
was published
for
github.com/authzed/spicedb
(Go)
Jan 13, 2022
Improper Input Validation in vault-ssh-helper
High
CVE-2020-24359
was published
for
github.com/hashicorp/vault-ssh-helper
(Go)
Feb 15, 2022
Improper Input Validation and Excessive Iteration in Go Facebook Thrift
High
CVE-2019-3564
was published
for
github.com/facebook/fbthrift
(Go)
Feb 15, 2022
Gitea Improper Input Validation
High
CVE-2019-11228
was published
for
github.com/go-gitea/gitea
(Go)
Feb 15, 2022
containernetworking/cni improper limitation of path name
High
CVE-2021-20206
was published
for
github.com/containernetworking/cni
(Go)
Feb 15, 2022
Unrestricted Upload of File with Dangerous Type in Gogs
High
CVE-2022-0415
was published
for
gogs.io/gogs
(Go)
Mar 28, 2022
Improper Input Validation in GoGo Protobuf
High
CVE-2021-3121
was published
for
github.com/gogo/protobuf
(Go)
Mar 28, 2022
Improper Input Validation in k8s.io/ingress-nginx
High
CVE-2021-25745
was published
for
k8s.io/ingress-nginx
(Go)
May 7, 2022
GitHub Git LFS Arbitrary command execution vulnerability
High
CVE-2017-17831
was published
for
github.com/git-lfs/git-lfs
(Go)
May 14, 2022
Sylabs Singularity Improper Input Validation
High
CVE-2018-19295
was published
for
github.com/sylabs/singularity
(Go)
May 14, 2022
mastercactapus proxyprotocol vulnerable to denial of service
High
CVE-2019-14243
was published
for
github.com/mastercactapus/proxyprotocol
(Go)
May 24, 2022
Hyperledger Fabric vulnerable to Improper Input Validation in orderer/common/cluster consensus request
High
CVE-2022-31121
was published
for
github.com/hyperledger/fabric
(Go)
Jul 8, 2022
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9
High
CVE-2022-2385
was published
for
sigs.k8s.io/aws-iam-authenticator
(Go)
Jul 13, 2022
Improper token validation leading to code execution in Teleport
High
CVE-2022-36633
was published
for
github.com/gravitational/teleport
(Go)
Aug 25, 2022
elrond-go MultiESDTNFTTransfer call on a SC address with missing function name
High
CVE-2022-36058
was published
for
github.com/ElrondNetwork/elrond-go
(Go)
Sep 1, 2022
OPA Compiler: Bypass of WithUnsafeBuiltins using "with" keyword to mock functions
High
CVE-2022-36085
was published
for
github.com/open-policy-agent/opa
(Go)
Sep 16, 2022
Hyperledger Fabric subject to Denial of Service via non-validated request
High
CVE-2022-35253
was published
for
github.com/hyperledger/fabric
(Go)
Sep 25, 2022
ProTip!
Advisories are also available from the
GraphQL API