Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

177 advisories

Loading
Teleport Access List owners can escalate their privileges Critical
GHSA-76cc-p55w-63g3 was published for github.com/gravitational/teleport (Go) Jan 3, 2024 withdrawn
Moaz219
Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users Critical
GHSA-hw4x-mcx5-9q36 was published for github.com/gravitational/teleport (Go) Jan 3, 2024 withdrawn
Tener espadolini
Improper Privilege Management in github.com/sap/cloud-security-client-go Critical
GHSA-m8rw-rcpq-2vp2 was published for github.com/sap/cloud-security-client-go (Go) Dec 13, 2023
Privilege escalation in sap/cloud-security-client-go Critical
CVE-2023-50424 was published for github.com/sap/cloud-security-client-go (Go) Dec 12, 2023
Capsule Proxy Authentication bypass using an empty token Critical
CVE-2023-48312 was published for github.com/clastix/capsule-proxy (Go) Nov 24, 2023
luisdavim slimm609
psc4re
SQL injection vulnerability in Meshery Critical
CVE-2023-46575 was published for github.com/layer5io/meshery (Go) Nov 24, 2023
MarkLee131
Plonk verifier KZG multi point verification Critical
GHSA-7p92-x423-vwj6 was published for github.com/consensys/gnark (Go) Oct 17, 2023
0xmp vesselinux
InaOana antonleviathan
CSRF Token Reuse Vulnerability Critical
CVE-2023-45128 was published for github.com/gofiber/fiber/v2 (Go) Oct 17, 2023
rere61 sixcolors
the-hotmann gaby efectn ReneWerner87
JWT token compromise can allow malicious actions including Remote Code Execution (RCE) Critical
CVE-2023-32188 was published for github.com/neuvector/neuvector (Go) Oct 6, 2023
Consensys gnark-crypto allows Signature Malleability Critical
CVE-2023-44273 was published for github.com/Consensys/gnark-crypto (Go) Sep 28, 2023
sing-box vulnerable to improper authentication in the SOCKS inbound Critical
CVE-2023-43644 was published for github.com/sagernet/sing (Go) Sep 26, 2023
NATS nats-server allows directory traversal via unintended path to a management action Critical
CVE-2022-28357 was published for github.com/nats-io/nats-server (Go) Sep 19, 2023
Argo CD cluster secret might leak in cluster details page Critical
CVE-2023-40029 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 11, 2023
alexmt
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli Critical
GHSA-h24c-6p6p-m3vx was published for github.com/bnb-chain/tss-lib (Go) Sep 1, 2023
Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos Critical
CVE-2023-4696 was published for github.com/usememos/memos (Go) Sep 1, 2023
KubePi Privilege Escalation vulnerability Critical
CVE-2023-37917 was published for github.com/KubeOperator/kubepi (Go) Jul 21, 2023
ch1nhpd
CasaOS contains weak JWT secrets Critical
CVE-2023-37266 was published for github.com/IceWhaleTech/CasaOS (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource
CasaOS Gateway vulnerable to incorrect identification of source IP addresses Critical
CVE-2023-37265 was published for github.com/IceWhaleTech/CasaOS-Gateway (Go) Jul 17, 2023
thomas-chauchefoin-sonarsource
Improper configuration of RBAC permissions obtaining cluster control permissions Critical
CVE-2023-33190 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Grafana vulnerable to Authentication Bypass by Spoofing Critical
CVE-2023-3128 was published for github.com/grafana/grafana (Go) Jun 22, 2023
Rancher vulnerable to Privilege Escalation via manipulation of Secrets Critical
CVE-2023-22647 was published for rancher/rancher (Go) Jun 6, 2023
Brook's tproxy server is vulnerable to a drive-by command injection. Critical
CVE-2023-33965 was published for github.com/txthinking/brook (Go) Jun 6, 2023
pwntester
Signature validation bypass in github.com/moov-io/signedxml Critical
CVE-2023-34205 was published for github.com/moov-io/signedxml (Go) May 30, 2023
Pomerium vulnerable to Incorrect Authorization with specially crafted requests Critical
CVE-2023-33189 was published for github.com/pomerium/pomerium (Go) May 26, 2023
nonsleepr
Wings vulnerable to escape to host from installation container Critical
CVE-2023-32080 was published for github.com/pterodactyl/wings (Go) May 11, 2023
chirag350
ProTip! Advisories are also available from the GraphQL API