GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
37 advisories
Filter by severity
Ignition config accessible to unprivileged software on VMware
Moderate
CVE-2022-1706
was published
for
github.com/coreos/ignition
(Go)
May 25, 2022
Duplicate advisory: Configuration exposure in github.com/coreos/ignition
Moderate
GHSA-mjqc-5c9x-xfcc
was published
for
github.com/coreos/ignition/v2
(Go)
May 18, 2022
•
withdrawn
AAD Pod Identity obtaining token with backslash
Moderate
CVE-2022-23551
was published
for
github.com/Azure/aad-pod-identity
(Go)
Dec 21, 2022
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
Moderate
CVE-2021-38698
was published
for
github.com/hashicorp/consul
(Go)
Sep 8, 2021
Incorrect Authorization in HashiCorp Consul
Moderate
CVE-2020-7955
was published
for
github.com/hashicorp/consul
(Go)
Jul 28, 2021
gomatrixserverlib and Dendrite vulnerable to incorrect parsing of the event default power level in event auth
Moderate
CVE-2022-36009
was published
for
github.com/matrix-org/dendrite
(Go)
Aug 30, 2022
Improper Input Validation
Moderate
CVE-2021-3499
was published
for
github.com/ovn-org/ovn-kubernetes
(Go)
Jun 8, 2021
OIDC claims not updated from Identity Provider in Pomerium
Moderate
CVE-2021-41230
was published
for
github.com/pomerium/pomerium
(Go)
Nov 10, 2021
Potential network policy bypass when routing IPv6 traffic
Moderate
CVE-2023-27594
was published
for
github.com/cilium/cilium
(Go)
Mar 17, 2023
OpenFGA Authorization Bypass
Moderate
CVE-2022-39352
was published
for
github.com/openfga/openfga
(Go)
Nov 8, 2022
Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution
Moderate
CVE-2022-31683
was published
for
github.com/concourse/concourse
(Go)
Oct 19, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
Moderate
CVE-2022-39340
was published
for
github.com/openfga/openfga
(Go)
Oct 25, 2022
OpenFGA Authorization Bypass via tupleset wildcard
Moderate
CVE-2022-39341
was published
for
github.com/openfga/openfga
(Go)
Oct 25, 2022
OpenFGA Authorization Bypass
Moderate
CVE-2022-39342
was published
for
github.com/openfga/openfga
(Go)
Oct 25, 2022
usememos/memos Improper Authorization vulnerability
Moderate
CVE-2022-4811
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
Access Restriction Bypass in kube-apiserver
Moderate
CVE-2021-25735
was published
for
k8s.io/kubernetes
(Go)
May 28, 2021
Istio Authorization Bypass Vulnerability
Moderate
CVE-2021-31920
was published
for
istio.io/istio
(Go)
May 24, 2022
•
withdrawn
In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication
Moderate
CVE-2021-28681
was published
for
github.com/pion/webrtc/v3
(Go)
May 25, 2021
Mattermost Incorrect Authorization vulnerability
Moderate
CVE-2023-5194
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Sep 29, 2023
On a compromised node, the fluid-csi service account can be used to modify node specs
Moderate
CVE-2023-30840
was published
for
github.com/fluid-cloudnative/fluid
(Go)
May 9, 2023
Mattermost does not validate requesting user permissions before updating admin details
Moderate
CVE-2023-4107
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Aug 11, 2023
Mattermost Incorrect Authorization vulnerability
Moderate
CVE-2023-5195
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Sep 29, 2023
1Panel Arbitrary File Download vulnerability
Moderate
CVE-2023-39965
was published
for
github.com/1Panel-dev/1Panel
(Go)
Aug 10, 2023
Privilege Escalation in HashiCorp Consul
Moderate
CVE-2020-28053
was published
for
github.com/hashicorp/consul
(Go)
Jan 31, 2024
Email Validation Bypass And Preventing Sign Up From Email's Owner
Moderate
CVE-2023-6152
was published
for
github.com/grafana/grafana
(Go)
Feb 13, 2024
ProTip!
Advisories are also available from the
GraphQL API