GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,256
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,729
NuGet
662
pip
3,407
Pub
12
RubyGems
890
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
924 advisories
Filter by severity
CosmWasm VM Incorrect metering
Moderate
GHSA-2q97-m5rc-p3gp
was published
for
cosmwasm-vm
(Go)
Dec 10, 2024
Panic in wasmvm can slow down block production
Moderate
GHSA-vmqh-5232-v43r
was published
for
cosmwasm-vm
(Go)
Dec 10, 2024
Hugo does not escape some attributes in internal templates
Moderate
CVE-2024-55601
was published
for
github.com/gohugoio/hugo
(Go)
Dec 9, 2024
NULL Pointer Dereference on moby image history
Moderate
CVE-2024-36620
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
runc AppArmor bypass with symlinked /proc
Moderate
CVE-2023-28642
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
Moderate
CVE-2024-54132
was published
for
github.com/cli/cli
(Go)
Dec 4, 2024
CRI-O: Maliciously structured checkpoint file can gain arbitrary node access
Moderate
CVE-2024-8676
was published
for
github.com/cri-o/cri-o
(Go)
Nov 26, 2024
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
Moderate
CVE-2024-53259
was published
for
github.com/quic-go/quic-go
(Go)
Dec 2, 2024
Rancher Login Parameter Can Be Edited
Moderate
CVE-2019-11881
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
Cilium's Layer 7 policy enforcement may not occur in policies with wildcarded port ranges
Moderate
CVE-2024-52529
was published
for
github.com/cilium/cilium
(Go)
Nov 25, 2024
gqlparser denial of service vulnerability via the parserDirectives function
Moderate
CVE-2023-49559
was published
for
github.com/vektah/gqlparser
(Go)
Jun 12, 2024
Vitess allows HTML injection in /debug/querylogz & /debug/env
Moderate
CVE-2024-53257
was published
for
vitess.io/vitess
(Go)
Dec 3, 2024
Access to Archived Argo Workflows with Fake Token in `client` mode
Moderate
CVE-2024-53862
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Dec 2, 2024
BunkerWeb has Open Redirect Vulnerability in Loading Page
Moderate
CVE-2024-53264
was published
for
github.com/bunkerity/bunkerweb
(Go)
Dec 2, 2024
Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Moderate
CVE-2024-53858
was published
for
github.com/cli/cli/v2
(Go)
Nov 27, 2024
`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace
Moderate
CVE-2024-53859
was published
for
github.com/cli/go-gh/v2
(Go)
Nov 27, 2024
SFTPGo allows administrators to restrict command execution from the EventManager
Moderate
CVE-2024-52309
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Nov 21, 2024
sftpgo vulnerable to brute force takeover of OpenID Connect session cookies
Moderate
CVE-2024-52801
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Dec 2, 2024
Traefik's X-Forwarded-Prefix Header still allows for Open Redirect
Moderate
CVE-2024-52003
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 2, 2024
PingCAP TiDB nil pointer dereference
Moderate
CVE-2024-37820
was published
for
github.com/pingcap/tidb
(Go)
Jun 25, 2024
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
Moderate
CVE-2024-43784
was published
for
github.com/treeverse/lakefs
(Go)
Nov 26, 2024
Podman affected by CVE-2024-1753 container escape at build time
Moderate
CVE-2024-1753
was published
for
github.com/containers/podman/v4
(Go)
Mar 28, 2024
Improper Input Validation in Buildah and Podman
Moderate
CVE-2024-9407
was published
for
github.com/containers/buildah
(Go)
Oct 1, 2024
Link Following in github.com/containers/common
Moderate
CVE-2024-9341
was published
for
github.com/containers/common
(Go)
Oct 1, 2024
Withdrawn Advisory: Kanister vulnerable to cluster-level privilege escalation
Moderate
CVE-2024-43403
was published
for
github.com/kanisterio/kanister
(Go)
Aug 20, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API