GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 19,370
Composer 3,968
Erlang 29
GitHub Actions 16
Go 1,749
Maven 4,978
npm 3,509
NuGet 609
pip 3,084
Pub 10
RubyGems 832
Rust 782
Swift 34

Unreviewed advisories

All unreviewed 221,265

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

177 advisories

Filter by severity

Sort by

Least recently updated

rke's credentials are stored in the RKE1 Cluster state ConfigMap Critical

CVE-2023-32191 was published for github.com/rancher/rke (Go) Jun 17, 2024

Files or Directories Accessible to External Parties in ProjectDiscovery Critical

CVE-2024-5262 was published for github.com/projectdiscovery/interactsh (Go) Jun 5, 2024

Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection Critical

CVE-2021-43350 was published for github.com/apache/trafficcontrol (Go) May 24, 2022

Rancher Recreates Default User With Known Password Despite Deletion Critical

CVE-2019-11202 was published for github.com/rancher/rancher (Go) May 24, 2022

xmlquery lacks check for whether LoadURL response is in XML format, causing denial of service Critical

CVE-2020-25614 was published for github.com/antchfx/xmlquery (Go) Oct 7, 2022

nats-io/jwt not enforcing checking of Import token permissions Critical

CVE-2021-3127 was published for github.com/nats-io/jwt (Go) Feb 15, 2022

ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache Critical

CVE-2024-31989 was published for github.com/argoproj/argo-cd (Go) May 21, 2024

Some CORS middleware allow untrusted origins Critical

GHSA-v84h-653v-4pq9 was published for github.com/jub0bs/fcors (Go) May 3, 2024

Some CORS middleware allow untrusted origins Critical

GHSA-vhxv-fg4m-p2w8 was published for github.com/jub0bs/cors (Go) May 3, 2024

Cross-site scripting on application summary component Critical

CVE-2024-28175 was published for github.com/argoproj/argo-cd (Go) Mar 15, 2024

Buildkit's interactive containers API does not validate entitlements check Critical

CVE-2024-23653 was published for github.com/moby/buildkit (Go) Jan 31, 2024

Improper Privilege Management in github.com/sap/cloud-security-client-go Critical

GHSA-m8rw-rcpq-2vp2 was published for github.com/sap/cloud-security-client-go (Go) Dec 13, 2023

Privilege escalation in sap/cloud-security-client-go Critical

CVE-2023-50424 was published for github.com/sap/cloud-security-client-go (Go) Dec 12, 2023

sjqzhang go-fastdfs vulnerable to path traversal Critical

CVE-2023-1800 was published for github.com/sjqzhang/go-fastdfs (Go) Apr 2, 2023

mellium.im/sasl authentication failure due to insufficient nonce randomness Critical

CVE-2022-48195 was published for mellium.im/sasl (Go) Dec 31, 2022

docconv OS Command Injection vulnerability Critical

CVE-2022-4643 was published for code.sajari.com/docconv (Go) Dec 22, 2022

btcd mishandles witness size checking Critical

CVE-2022-44797 was published for github.com/btcsuite/btcd (Go) Nov 7, 2022

Command Injection Vulnerability with Mercurial in VCS Critical

CVE-2022-21235 was published for github.com/Masterminds/vcs (Go) Apr 1, 2022

GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected Critical

CVE-2021-4238 was published for github.com/Masterminds/goutils (Go) Dec 28, 2022

Collision of hash values in github.com/bnb-chain/tss-lib Critical

CVE-2022-47931 was published for github.com/bnb-chain/tss-lib (Go) Dec 23, 2022

Incorrect handling of credential expiry by /nats-io/nats-server Critical

CVE-2020-26892 was published for github.com/nats-io/jwt (Go) Feb 11, 2022

LZ4 vulnerable to Out-of-bounds Write Critical

CVE-2014-125026 was published for github.com/cloudflare/golz4 (Go) Dec 28, 2022

Grafana Race condition allowing privilege escalation Critical

CVE-2022-39328 was published for github.com/grafana/grafana (Go) May 14, 2024

Grafana Fine-grained access control vulnerability Critical

CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024

HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches Critical

CVE-2024-3817 was published for github.com/hashicorp/go-getter (Go) Apr 17, 2024

Previous 1 2 3 4 5 6 7 8 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

177 advisories