GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,748
Maven
4,978
npm
3,509
NuGet
609
pip
3,075
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+
177 advisories
Filter by severity
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Tailscale Windows daemon is vulnerable to RCE via CSRF
Critical
CVE-2022-41924
was published
for
tailscale.com
(Go)
Nov 21, 2022
usememos/memos Authorization Bypass Through User-Controlled Key vulnerability
Critical
CVE-2022-4686
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical
CVE-2022-39222
was published
for
github.com/dexidp/dex
(Go)
Oct 3, 2022
gitjacker arbitrary code execution
Critical
CVE-2021-29417
was published
for
github.com/liamg/gitjacker
(Go)
May 24, 2022
glot-code-runner RCE
Critical
CVE-2018-15747
was published
for
github.com/prasmussen/glot-code-runner
(Go)
May 24, 2022
Helm Improper Certificate Validation
Critical
CVE-2019-1010275
was published
for
helm.sh/helm
(Go)
May 24, 2022
Casdoor arbitrary file write vulnerability
Critical
CVE-2022-38638
was published
for
github.com/casdoor/casdoor
(Go)
Sep 10, 2022
KubeView vulnerable to full cluster takeover due to improper authentication
Critical
CVE-2022-45933
was published
for
github.com/benc-uk/kubeview
(Go)
Nov 27, 2022
EnvoyProxy Envoy Missing HTTP URL path normalization
Critical
CVE-2019-9901
was published
for
github.com/envoyproxy/envoy
(Go)
May 24, 2022
go-unzip vulnerable to Path Traversal
Critical
CVE-2020-36560
was published
for
github.com/artdarek/go-unzip
(Go)
Dec 28, 2022
Path Traversal in Beego
Critical
CVE-2022-31836
was published
for
github.com/beego/beego
(Go)
Jul 6, 2022
Access control bypass in beego
Critical
CVE-2022-31259
was published
for
github.com/beego/beego
(Go)
May 22, 2022
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption
Critical
CVE-2021-4236
was published
for
github.com/ecnepsnai/web
(Go)
Dec 28, 2022
Labstack Echo Open Redirect vulnerability
Critical
CVE-2022-40083
was published
for
github.com/labstack/echo/v4
(Go)
Sep 29, 2022
Skipper vulnerable to SSRF via X-Skipper-Proxy
Critical
CVE-2022-38580
was published
for
github.com/zalando/skipper
(Go)
Oct 25, 2022
Unzip vulnerable to path traversal
Critical
CVE-2020-36561
was published
for
github.com/yi-ge/unzip
(Go)
Dec 28, 2022
tar-utils Path Traversal vulnerability
Critical
CVE-2020-36566
was published
for
github.com/whyrusleeping/tar-utils
(Go)
Dec 28, 2022
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli
Critical
GHSA-h24c-6p6p-m3vx
was published
for
github.com/bnb-chain/tss-lib
(Go)
Sep 1, 2023
Gitea Remote Code Execution (RCE)
Critical
CVE-2018-18926
was published
for
code.gitea.io/gitea
(Go)
Feb 15, 2022
Reuse of one time passwords allowed in Gitea
Critical
CVE-2021-45331
was published
for
code.gitea.io/gitea
(Go)
Feb 10, 2022
Kubernetes Privilege Escalation
Critical
CVE-2017-1000056
was published
for
k8s.io/kubernetes
(Go)
May 12, 2021
SQL Injection in Couchbase Sync Gateway
Critical
CVE-2019-9039
was published
for
github.com/couchbase/sync_gateway
(Go)
Feb 15, 2022
Improper Authentication in Apache Traffic Control
Critical
CVE-2019-12405
was published
for
github.com/apache/trafficcontrol
(Go)
May 18, 2021
Hashicorp Nomad Access Control Issues
Critical
CVE-2019-12618
was published
for
github.com/hashicorp/nomad
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API