GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
181 advisories
Filter by severity
Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users
Critical
GHSA-hw4x-mcx5-9q36
was published
for
github.com/gravitational/teleport
(Go)
Jan 3, 2024
•
withdrawn
Teleport Access List owners can escalate their privileges
Critical
GHSA-76cc-p55w-63g3
was published
for
github.com/gravitational/teleport
(Go)
Jan 3, 2024
•
withdrawn
Django Template Engine Vulnerable to XSS
Critical
CVE-2024-22199
was published
for
github.com/gofiber/template/django/v3
(Go)
Jan 11, 2024
SQL injection vulnerability in Meshery
Critical
CVE-2023-46575
was published
for
github.com/layer5io/meshery
(Go)
Nov 24, 2023
Capsule Proxy Authentication bypass using an empty token
Critical
CVE-2023-48312
was published
for
github.com/clastix/capsule-proxy
(Go)
Nov 24, 2023
NATS nats-server allows directory traversal via unintended path to a management action
Critical
CVE-2022-28357
was published
for
github.com/nats-io/nats-server
(Go)
Sep 19, 2023
Improper configuration of RBAC permissions obtaining cluster control permissions
Critical
CVE-2023-33190
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
Rancher Webhook is misconfigured during upgrade process
Critical
CVE-2023-22651
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2023
CSRF Token Reuse Vulnerability
Critical
CVE-2023-45128
was published
for
github.com/gofiber/fiber/v2
(Go)
Oct 17, 2023
CasaOS Gateway vulnerable to incorrect identification of source IP addresses
Critical
CVE-2023-37265
was published
for
github.com/IceWhaleTech/CasaOS-Gateway
(Go)
Jul 17, 2023
CasaOS contains weak JWT secrets
Critical
CVE-2023-37266
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Jul 17, 2023
Brook's tproxy server is vulnerable to a drive-by command injection.
Critical
CVE-2023-33965
was published
for
github.com/txthinking/brook
(Go)
Jun 6, 2023
Signature validation bypass in github.com/moov-io/signedxml
Critical
CVE-2023-34205
was published
for
github.com/moov-io/signedxml
(Go)
May 30, 2023
Consensys gnark-crypto allows Signature Malleability
Critical
CVE-2023-44273
was published
for
github.com/Consensys/gnark-crypto
(Go)
Sep 28, 2023
Rancher vulnerable to Privilege Escalation via manipulation of Secrets
Critical
CVE-2023-22647
was published
for
rancher/rancher
(Go)
Jun 6, 2023
Account TakeOver Due to Improper Handling of JWT Tokens in usememos/memos
Critical
CVE-2023-4696
was published
for
github.com/usememos/memos
(Go)
Sep 1, 2023
Wings vulnerable to escape to host from installation container
Critical
CVE-2023-32080
was published
for
github.com/pterodactyl/wings
(Go)
May 11, 2023
KubePi Privilege Escalation vulnerability
Critical
CVE-2023-37917
was published
for
github.com/KubeOperator/kubepi
(Go)
Jul 21, 2023
Grafana vulnerable to Authentication Bypass by Spoofing
Critical
CVE-2023-3128
was published
for
github.com/grafana/grafana
(Go)
Jun 22, 2023
sing-box vulnerable to improper authentication in the SOCKS inbound
Critical
CVE-2023-43644
was published
for
github.com/sagernet/sing
(Go)
Sep 26, 2023
Argo CD cluster secret might leak in cluster details page
Critical
CVE-2023-40029
was published
for
github.com/argoproj/argo-cd/v2
(Go)
Sep 11, 2023
Pomerium vulnerable to Incorrect Authorization with specially crafted requests
Critical
CVE-2023-33189
was published
for
github.com/pomerium/pomerium
(Go)
May 26, 2023
DevSpace vulnerable to remote code execution
Critical
CVE-2020-15391
was published
for
github.com/loft-sh/devspace
(Go)
May 24, 2022
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Critical
CVE-2023-32188
was published
for
github.com/neuvector/neuvector
(Go)
Oct 6, 2023
Use After Free in HashiCorp Nomad
Critical
CVE-2020-27195
was published
for
github.com/hashicorp/nomad
(Go)
Feb 15, 2022
ProTip!
Advisories are also available from the
GraphQL API