GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
633 advisories
Filter by severity
Memory exhaustion in HashiCorp Vault
High
CVE-2023-6337
was published
for
github.com/hashicorp/vault
(Go)
Dec 9, 2023
Mattermost Injection vulnerability
High
CVE-2023-6458
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Dec 6, 2023
github.com/ecies/go vulnerable to possible private key restoration
High
CVE-2023-49292
was published
for
github.com/ecies/go/v2
(Go)
Dec 5, 2023
Traefik docker container using 100% CPU
High
CVE-2023-47633
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
Go package github.com/edgelesssys/marblerun CLI commands susceptible to MITM attacks
High
GHSA-j3rq-4xjw-xg63
was published
for
github.com/edgelesssys/marblerun
(Go)
Dec 4, 2023
ZITADEL Account Takeover via Malicious Host Header Injection
High
CVE-2023-49097
was published
for
github.com/zitadel/zitadel
(Go)
Nov 29, 2023
Inefficient Regular Expression Complexity in git-urls
High
CVE-2023-46402
was published
for
github.com/whilp/git-urls
(Go)
Nov 18, 2023
Free5gc allows a local attacker to cause a denial of service via the free5gc-compose component
High
CVE-2023-47025
was published
for
github.com/free5gc/free5gc
(Go)
Nov 17, 2023
free5gc Buffer Overflow vulnerability
High
CVE-2023-47345
was published
for
github.com/free5gc/free5gc
(Go)
Nov 16, 2023
Attacker can cause Kyverno user to unintentionally consume insecure image
High
CVE-2023-47630
was published
for
github.com/kyverno/kyverno
(Go)
Nov 14, 2023
Kubernetes Improper Input Validation vulnerability
High
CVE-2023-5528
was published
for
k8s.io/kubernetes
(Go)
Nov 14, 2023
Fabric vulnerable to crosslinking transaction attack
High
CVE-2023-46132
was published
for
github.com/hyperledger/fabric
(Go)
Nov 14, 2023
otelgrpc DoS vulnerability due to unbound cardinality metrics
High
CVE-2023-47108
was published
for
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
(Go)
Nov 12, 2023
Headscale writes bearer tokens to info-level logs
High
CVE-2023-47390
was published
for
github.com/juanfont/headscale
(Go)
Nov 11, 2023
HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability
High
CVE-2023-5954
was published
for
github.com/hashicorp/vault
(Go)
Nov 9, 2023
ZITADEL race condition in lockout policy execution
High
CVE-2023-47111
was published
for
github.com/zitadel/zitadel
(Go)
Nov 8, 2023
Calico Typha denial of service vulnerability
High
CVE-2023-41378
was published
for
github.com/projectcalico/calico
(Go)
Nov 6, 2023
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
High
CVE-2023-3893
was published
for
github.com/kubernetes-csi/csi-proxy
(Go)
Nov 3, 2023
Kubernetes privilege escalation vulnerability
High
CVE-2023-3955
was published
for
k8s.io/kubernetes
(Go)
Oct 31, 2023
Kubernetes privilege escalation vulnerability
High
CVE-2023-3676
was published
for
k8s.io/kubernetes
(Go)
Oct 31, 2023
xkeys seal encryption used fixed key for all encryption
High
CVE-2023-46129
was published
for
github.com/nats-io/nats-server/v2
(Go)
Oct 31, 2023
quic-go vulnerable to pointer dereference that can lead to panic
High
CVE-2023-46239
was published
for
github.com/quic-go/quic-go
(Go)
Oct 30, 2023
Cosmos packet-forward-middleware vulnerable to chain-halt
High
GHSA-w6rp-vxj2-fjhr
was published
for
github.com/cosmos/ibc-apps/middleware/packet-forward-middleware/v4
(Go)
Oct 26, 2023
Ingress nginx annotation injection causes arbitrary command execution
High
CVE-2023-5043
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
High
CVE-2023-5044
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
ProTip!
Advisories are also available from the
GraphQL API