GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,013
Erlang
29
GitHub Actions
16
Go
1,806
Maven
5,000+
npm
3,553
NuGet
632
pip
3,148
Pub
10
RubyGems
847
Rust
796
Swift
34
Unreviewed advisories
All unreviewed
5,000+
654 advisories
Filter by severity
Insecure Variable Substitution in Vela
High
CVE-2024-28236
was published
for
github.com/go-vela/worker
(Go)
Mar 14, 2024
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions
High
GHSA-95rx-m9m5-m94v
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Mar 12, 2024
Account Takeover via Session Fixation in Zitadel [Bypassing MFA]
High
CVE-2024-28197
was published
for
github.com/zitadel/zitadel
(Go)
Mar 11, 2024
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
High
CVE-2024-24767
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Mar 6, 2024
CasaOS-UserService allows unauthorized access to any file
High
CVE-2024-24765
was published
for
github.com/IceWhaleTech/CasaOS-UserService
(Go)
Mar 6, 2024
`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user
High
CVE-2024-27916
was published
for
github.com/stacklok/minder
(Go)
Mar 5, 2024
Incorrect TLS certificate auth method in Vault
High
CVE-2024-2048
was published
for
github.com/hashicorp/vault
(Go)
Mar 4, 2024
Coder's OIDC authentication allows email with partially matching domain to register
High
CVE-2024-27918
was published
for
github.com/coder/coder
(Go)
Mar 4, 2024
Integer overflow in chunking helper causes dispatching to miss elements or panic
High
CVE-2024-27101
was published
for
github.com/authzed/spicedb
(Go)
Mar 1, 2024
Helm's Missing YAML Content Leads To Panic
High
CVE-2024-26147
was published
for
helm.sh/helm/v3
(Go)
Feb 22, 2024
registry-support: decompress can delete files outside scope via relative paths
High
CVE-2024-1485
was published
for
github.com/devfile/registry-support/registry-library
(Go)
Feb 14, 2024
HashiCorp Nomad vulnerable to symlink attacks
High
CVE-2024-1329
was published
for
github.com/hashicorp/nomad
(Go)
Feb 8, 2024
Rancher API Server Cross-site Scripting Vulnerability
High
CVE-2023-32192
was published
for
github.com/rancher/apiserver
(Go)
Feb 8, 2024
Norman API Cross-site Scripting Vulnerability
High
CVE-2023-32193
was published
for
github.com/rancher/norman
(Go)
Feb 8, 2024
Rancher 'Audit Log' leaks sensitive information
High
CVE-2023-22649
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
High
CVE-2023-32194
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
Boundary vulnerable to session hijacking through TLS certificate tampering
High
CVE-2024-1052
was published
for
github.com/hashicorp/boundary
(Go)
Feb 5, 2024
Talos Linux ships runc vulnerable to the escape to the host attack
High
GHSA-g5p6-327m-3fxx
was published
for
github.com/siderolabs/talos
(Go)
Feb 2, 2024
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation
High
CVE-2024-24747
was published
for
github.com/minio/minio
(Go)
Feb 1, 2024
Grafana path traversal
High
CVE-2021-43798
was published
for
github.com/grafana/grafana
(Go)
Feb 1, 2024
Docker Authentication Bypass
High
CVE-2018-12608
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Improper Authentication in HashiCorp Vault
High
CVE-2021-3282
was published
for
github.com/hashicorp/vault
(Go)
Jan 31, 2024
Denial of service in HashiCorp Consul
High
CVE-2020-25201
was published
for
github.com/hashicorp/consul
(Go)
Jan 31, 2024
runc vulnerable to container breakout through process.cwd trickery and leaked fds
High
CVE-2024-21626
was published
for
github.com/opencontainers/runc
(Go)
Jan 31, 2024
BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts
High
CVE-2024-23651
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
ProTip!
Advisories are also available from the
GraphQL API