GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
15 advisories
Authentication bypass issue in the Operator Console
High. CVE-2021-41266 was published for github.com/minio/console (Go), Nov 15, 2021

Denial of service in Grafana
Moderate. CVE-2021-27358 was published for github.com/grafana/grafana (Go), Feb 15, 2022

DevSpace vulnerable to remote code execution
Critical. CVE-2020-15391 was published for github.com/loft-sh/devspace (Go), May 24, 2022

Missing Role Based Access Control for the REST handlers in bleve/http package
Moderate. CVE-2022-31022 was published for github.com/blevesearch/bleve (Go), Jun 3, 2022

Dapr Dashboard vulnerable to Incorrect Access Control
High. CVE-2022-38817 was published for github.com/dapr/dashboard (Go), Oct 4, 2022

KubeView vulnerable to full cluster takeover due to improper authentication
Critical. CVE-2022-45933 was published for github.com/benc-uk/kubeview (Go), Nov 27, 2022

CasaOS Gateway vulnerable to incorrect identification of source IP addresses
Critical. CVE-2023-37265 was published for github.com/IceWhaleTech/CasaOS-Gateway (Go), Jul 17, 2023

Answer Missing Authentication for Critical Function
High. CVE-2023-4815 was published for github.com/answerdev/answer (Go), Sep 7, 2023

sing-box vulnerable to improper authentication in the SOCKS inbound
Critical. CVE-2023-43644 was published for github.com/sagernet/sing (Go), Sep 26, 2023

Cilium vulnerable to bypass of namespace restrictions in CiliumNetworkPolicy
Moderate. CVE-2023-41333 was published for github.com/cilium/cilium (Go), Sep 27, 2023

Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
Moderate. CVE-2020-15136 was published for go.etcd.io/etcd (Go), Jan 31, 2024

Unauthenticated Access to sensitive settings in Argo CD
Moderate. CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go), Jun 6, 2024

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High. CVE-2023-22650 was published for github.com/rancher/rancher (Go), Jun 17, 2024

Navidrome uses MD5 hashing algorithm
Moderate. CVE-2024-41259 was published for github.com/navidrome/navidrome (Go), Aug 1, 2024

Chisel's AUTH environment variable not respected in server entrypoint
High. CVE-2024-43798 was published for github.com/jpillora/chisel (Go), Aug 27, 2024

ProTip! Advisories are also available from the GraphQL API