GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,978; Erlang 29; GitHub Actions 16; Go 1,765; Maven 4,990; npm 3,536; NuGet 616; pip 3,105; Pub 10; RubyGems 837; Rust 786; Swift 34
Unreviewed advisories: All unreviewed 5,000+
638 advisories
Broken Authorization in ZITADEL Actions
High | CVE-2022-36051 was published for github.com/zitadel/zitadel (Go) | Aug 30, 2022
Improper Privilege Management in Cilium
High | CVE-2022-29179 was published for github.com/cilium/cilium (Go) | May 24, 2022
Elrond-GO processing: fallback search of SCRs when not found in the main cache
High | CVE-2022-46173 was published for github.com/ElrondNetwork/elrond-go (Go) | Dec 30, 2022
Ethermint vulnerable to DoS through unintended Contract Selfdestruct
High | CVE-2022-35936 was published for github.com/Kava-Labs/kava (Go) | Aug 18, 2022
Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace
High | CVE-2022-46167 was published for github.com/clastix/capsule (Go) | Dec 5, 2022
Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers
High | CVE-2020-14359 was published for github.com/keycloak/keycloak-gatekeeper (Go) | Feb 9, 2022
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
High | CVE-2022-2995 was published for github.com/cri-o/cri-o (Go) | Sep 20, 2022
HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
High | CVE-2022-24685 was published for github.com/hashicorp/nomad (Go) | Mar 1, 2022
Velociraptor vulnerable to Missing Authorization
High | CVE-2023-0242 was published for www.velocidex.com/golang/velociraptor (Go) | Jan 18, 2023
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF)
High | CVE-2022-25850 was published for github.com/hoppscotch/proxyscotch (Go) | May 3, 2022
Arbitrary file deletion in gitea
High | CVE-2022-27313 was published for code.gitea.io/gitea (Go) | May 4, 2022
Missing Authorization in HashiCorp Consul
High | CVE-2022-3920 was published for github.com/hashicorp/consul (Go) | Nov 16, 2022
Infinite loop in Yubico yubihsm-connector
High | CVE-2021-28484 was published for github.com/Yubico/yubihsm-connector (Go) | Feb 15, 2022
SAML authentication vulnerability due to stdlib XML parsing
High | CVE-2020-26276 was published for github.com/fleetdm/fleet/v4 (Go) | Feb 11, 2022
Link Following in Kata Runtime
High | CVE-2020-2026 was published for github.com/kata-containers/runtime (Go) | Feb 15, 2022
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
High | CVE-2020-25039 was published for github.com/sylabs/singularity (Go) | Dec 20, 2021
Privilege escalation in rbac
High | CVE-2021-22538 was published for github.com/google/exposure-notifications-verification-server (Go) | May 21, 2021
Hugo can execute a binary from the current directory on Windows
High | CVE-2020-26284 was published for github.com/gohugoio/hugo (Go) | Jun 23, 2021
Access control flaw in Kiali
High | CVE-2021-3495 was published for github.com/kiali/kiali (Go) | Jun 8, 2021
Improper Resource Shutdown or Release in HashiCorp Vault
High | CVE-2020-7220 was published for github.com/hashicorp/vault (Go) | Jul 28, 2021
Path traversal and files overwrite with unsquashfs in singularity
High | CVE-2020-15229 was published for github.com/sylabs/singularity (Go) | May 24, 2021
Insecure permissions on build temporary rootfs in Singularity
High | CVE-2020-25040 was published for github.com/sylabs/singularity (Go) | May 24, 2021
Incorrect Authorization with specially crafted requests
High | CVE-2021-39206 was published for github.com/pomerium/pomerium (Go) | Sep 10, 2021
ExternalName Services can be used to gain access to Envoy's admin interface
High | CVE-2021-32783 was published for github.com/projectcontour/contour (Go) | Aug 30, 2021
ProTip! Advisories are also available from the GraphQL API.