GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
109 advisories
Filter by severity
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
Moderate
GHSA-jq42-hfch-42f3
was published
for
github.com/hpcng/singularity
(Go)
Jun 1, 2021
Improper input validation in umoci
Moderate
CVE-2021-29136
was published
for
github.com/opencontainers/umoci
(Go)
Feb 15, 2022
Unrestricted Upload of File with Dangerous Type in Gogs
High
CVE-2022-0415
was published
for
gogs.io/gogs
(Go)
Mar 28, 2022
Login screen allows message spoofing if SSO is enabled
Moderate
CVE-2022-24905
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Improper Input Validation in k8s.io/ingress-nginx
High
CVE-2021-25745
was published
for
k8s.io/ingress-nginx
(Go)
May 7, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Moderate
CVE-2022-31036
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Hyperledger Fabric subject to Denial of Service via non-validated request
High
CVE-2022-35253
was published
for
github.com/hyperledger/fabric
(Go)
Sep 25, 2022
Witness Block Parsing DoS Vulnerability
High
CVE-2022-39389
was published
for
github.com/lightningnetwork/lnd
(Go)
Nov 18, 2022
Remote denial of service in Hyperledger Fabric Gateway
High
CVE-2022-36023
was published
for
github.com/hyperledger/fabric
(Go)
Oct 13, 2022
elrond-go MultiESDTNFTTransfer call on a SC address with missing function name
High
CVE-2022-36058
was published
for
github.com/ElrondNetwork/elrond-go
(Go)
Sep 1, 2022
Redirect URL matching ignores character casing
Moderate
CVE-2020-15234
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Improper input validation in CNCF Cortex
Moderate
CVE-2021-31232
was published
for
github.com/cortexproject/cortex
(Go)
Jun 23, 2021
Crash due to malformed relay protocol message
Low
CVE-2021-21404
was published
for
github.com/syncthing/syncthing
(Go)
May 21, 2021
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses
Moderate
CVE-2020-15233
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Workflow re-write vulnerability using input parameter
Moderate
CVE-2021-37914
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Aug 9, 2021
Email relay in Apache Traffic Control
Moderate
CVE-2021-42009
was published
for
github.com/apache/trafficcontrol
(Go)
Oct 13, 2021
Files or Directories Accessible to External Parties in kubernetes
High
CVE-2021-25741
was published
for
k8s.io/kubernetes
(Go)
Nov 1, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
Moderate
CVE-2021-32635
was published
for
github.com/sylabs/singularity
(Go)
Jun 1, 2021
nosurf vulnerable to improper input validation
High
CVE-2020-36564
was published
for
github.com/justinas/nosurf
(Go)
Dec 28, 2022
Lookup operations do not take into account wildcards in SpiceDB
High
CVE-2022-21646
was published
for
github.com/authzed/spicedb
(Go)
Jan 13, 2022
Command injection in gh-ost
Moderate
CVE-2022-21687
was published
for
github.com/github/gh-ost
(Go)
Feb 1, 2022
Denial of Service in OpenShift Origin
Moderate
CVE-2015-5250
was published
for
github.com/openshift/origin
(Go)
Dec 20, 2021
NUL character in ROA causes OctoRPKI to crash
High
CVE-2021-3910
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Misconfigured IP address field in ROA leads to OctoRPKI crash
Moderate
CVE-2021-3911
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
ProTip!
Advisories are also available from the
GraphQL API