GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,055 advisories
Filter by severity
Exposure of SSH credentials in Rancher/Fleet
Low
GHSA-wm2r-rp98-8pmh
was published
for
github.com/rancher/rancher
(Go)
Apr 27, 2022
Potential inter-blockchain communication (IBC) protocol compromise via "Dragonberry" vulnerability in cheqd
High
GHSA-j92c-mmf7-j5x5
was published
for
github.com/cheqd/cheqd-node
(Go)
Oct 18, 2022
Prometheus vulnerable to basic authentication bypass
High
GHSA-4v48-4q5m-8vx4
was published
for
github.com/prometheus/prometheus
(Go)
Dec 5, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High
GHSA-28q9-9c3g-v3f9
was published
for
github.com/treeverse/lakefs
(Go)
Sep 23, 2022
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library
High
GHSA-gmhj-xjfh-cf6m
was published
for
github.com/mohammed90/caddy-ssh
(Go)
Sep 23, 2022
Arbitrary Code Execution
High
CVE-2014-9357
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
NULL Pointer Dereference in Kubernetes CSI snapshot-controller
Moderate
CVE-2020-8569
was published
for
github.com/kubernetes-csi/external-snapshotter/v2
(Go)
Feb 15, 2022
Improper Privilege Management in HashiCorp Nomad
High
CVE-2021-3283
was published
for
github.com/hashicorp/nomad
(Go)
Jun 24, 2021
Import of incorrectly embargoed keys could cause early publication
Moderate
GHSA-3wxm-m9m4-cprj
was published
for
github.com/google/exposure-notifications-server
(Go)
May 21, 2021
Arbitrary Code Execution in Docker
High
CVE-2014-6407
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Privilege Escalation in Kubernetes
Critical
CVE-2018-1002105
was published
for
github.com/kubernetes/kubernetes
(Go)
Feb 15, 2022
Control character injection in console output in github.com/ipfs/go-ipfs
Moderate
CVE-2020-26283
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
A failed upgrade may lead to hung goroutines
Low
GHSA-gmq2-39ff-f5qg
was published
for
github.com/cloudflare/tableflip
(Go)
May 21, 2021
accounts: Hash account number using Salt
Low
GHSA-g636-q5fc-4pr7
was published
for
github.com/moov-io/customers
(Go)
May 24, 2021
Improper Input Validation in libseccomp-golang
High
CVE-2017-18367
was published
for
github.com/seccomp/libseccomp-golang
(Go)
May 18, 2021
Listing of upload directory contents possible
High
GHSA-qmfx-75ff-8mw6
was published
for
github.com/ThomasLeister/prosody-filer
(Go)
May 27, 2021
Improper Access Control in Lightning Network Daemon
High
CVE-2019-12999
was published
for
github.com/lightningnetwork/lnd
(Go)
May 18, 2021
Insufficient Session Expiration in Kiali
High
CVE-2020-1762
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
On Windows, `git-sizer` might run a `git` executable within the repository being analyzed
Moderate
GHSA-57q7-rxqq-7vgp
was published
for
github.com/github/git-sizer
(Go)
Feb 15, 2022
Attack on Kubernetes via Misconfigured Argo Workflows
Moderate
GHSA-rc7p-gmvh-xfx2
was published
for
github.com/argoproj/argo-workflows
(Go)
Aug 2, 2021
Information Exposure in RunC
Moderate
CVE-2016-9962
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Cross-site Scripting in Gogs
Moderate
CVE-2014-8683
was published
for
gogs.io/gogs
(Go)
Jun 29, 2021
Access Restriction Bypass in Docker
Moderate
CVE-2014-6408
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Denial of Service in docker2aci
Moderate
CVE-2016-8579
was published
for
github.com/appc/docker2aci
(Go)
Feb 15, 2022
ProTip!
Advisories are also available from the
GraphQL API