GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,971
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,091
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
636 advisories
Filter by severity
gopkg.in/yaml.v3 Denial of Service
High
CVE-2022-28948
was published
for
gopkg.in/yaml.v3
(Go)
May 20, 2022
Cross-Site Request Forgery in Filebrowser
High
CVE-2021-46398
was published
for
github.com/filebrowser/filebrowser/v2
(Go)
Feb 5, 2022
Go JOSE Signature Validation Bypass
High
CVE-2016-9122
was published
for
gopkg.in/square/go-jose.v1
(Go)
May 18, 2021
golang.org/x/net/html Improper Validation of Array Index vulnerability
High
CVE-2018-17848
was published
for
golang.org/x/net
(Go)
May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
High
CVE-2018-17847
was published
for
golang.org/x/net
(Go)
May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer
High
CVE-2018-17143
was published
for
golang.org/x/net
(Go)
May 13, 2022
golang.org/x/net/html NULL Pointer Dereference vulnerability
High
CVE-2018-17142
was published
for
golang.org/x/net
(Go)
May 13, 2022
Incorrect Authorization in imgcrypt
High
CVE-2022-24778
was published
for
github.com/containerd/imgcrypt
(Go)
Mar 28, 2022
Path traversal in github.com/valyala/fasthttp
High
CVE-2022-21221
was published
for
github.com/valyala/fasthttp
(Go)
Mar 18, 2022
golang.org/x/net/html Infinite Loop vulnerability
High
CVE-2021-33194
was published
for
golang.org/x/net
(Go)
May 24, 2022
Cloud Foundry Routing Improper Input Validation vulnerability
High
CVE-2019-11289
was published
for
code.cloudfoundry.org/gorouter
(Go)
May 18, 2021
Go Ethereum LES protocol implementation vulnerable to Denial of Service
High
CVE-2018-12018
was published
for
github.com/ethereum/go-ethereum
(Go)
May 14, 2022
golang.org/x/net/html NULL Pointer Dereference vulnerability
High
CVE-2018-17075
was published
for
golang.org/x/net
(Go)
May 13, 2022
Infinite Loop in jsonparser
High
CVE-2020-10675
was published
for
github.com/buger/jsonparser
(Go)
May 18, 2021
Incorrect Authorization in runc
High
CVE-2019-16884
was published
for
github.com/opencontainers/runc
(Go)
Feb 22, 2022
robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison
High
CVE-2015-10004
was published
for
github.com/robbert229/jwt
(Go)
Dec 28, 2022
ahh vulnerable to Path Traversal
High
CVE-2020-36559
was published
for
aahframe.work
(Go)
Dec 28, 2022
miekg/dns parsing error leads to nil pointer dereference and DoS
High
CVE-2018-17419
was published
for
github.com/miekg/dns
(Go)
May 18, 2021
x/net/html Vulnerable to DoS During HTML Parsing
High
CVE-2018-17846
was published
for
golang.org/x/net
(Go)
Sep 25, 2023
github.com/russellhaering/gosaml2 is vulnerable to NULL Pointer Dereference
High
CVE-2020-7731
was published
for
github.com/russellhaering/gosaml2
(Go)
Nov 15, 2022
Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin
High
CVE-2020-28483
was published
for
github.com/gin-gonic/gin
(Go)
Jun 23, 2021
Denial of Service in jsonparser
High
CVE-2020-35381
was published
for
github.com/buger/jsonparser
(Go)
May 25, 2022
Authorization bypass in github.com/dgrijalva/jwt-go
High
CVE-2020-26160
was published
for
github.com/dgrijalva/jwt-go
(Go)
May 18, 2021
goxmldsig vulnerable to crash on nil-pointer dereference caused by sending malformed XML signatures
High
CVE-2020-7711
was published
for
github.com/russellhaering/gosaml2
(Go)
Oct 7, 2022
Cluster Monitoring Operator contains a credentials leak
High
CVE-2024-1139
was published
for
github.com/openshift/cluster-monitoring-operator
(Go)
Apr 25, 2024
ProTip!
Advisories are also available from the
GraphQL API