GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
638 advisories
Improper use of cryptographic key in wal-g (High): CVE-2021-38599 was published for github.com/wal-g/wal-g (Go) on Sep 2, 2021
Authentication bypass for viewing and deletions of snapshots (High): CVE-2021-39226 was published for github.com/grafana/grafana (Go) on Oct 5, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone (High): CVE-2020-28924 was published for github.com/rclone/rclone (Go) on Jun 10, 2021
Incorrect Authorization in ORY Oathkeeper (High): CVE-2021-32701 was published for github.com/ory/oathkeeper (Go) on Jun 24, 2021
Privilege escalation in Hashicorp Nomad (High): CVE-2021-37218 was published for github.com/hashicorp/nomad (Go) on Sep 8, 2021
Excessive CPU usage (High): CVE-2021-39204 was published for github.com/pomerium/pomerium (Go) on Sep 10, 2021
Improper Authentication (High): CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) on Sep 2, 2021
Incorrect Privilege Assignment in HashiCorp Vault (High): CVE-2021-42135 was published for github.com/hashicorp/vault (Go) on Oct 12, 2021
HTTP Request Smuggling in github.com/hyperledger/fabric (High): CVE-2021-43669 was published for github.com/hyperledger/fabric (Go) on Dec 3, 2021
Incorrect handling of H2 GOAWAY + SETTINGS frames (High): CVE-2021-39162 was published for github.com/pomerium/pomerium (Go) on Sep 10, 2021
Privilege escalation to cluster admin on multi-tenant environments (High): CVE-2021-41254 was published for github.com/fluxcd/kustomize-controller (Go) on Nov 15, 2021
Files or Directories Accessible to External Parties in kubernetes (High): CVE-2021-25741 was published for k8s.io/kubernetes (Go) on Nov 1, 2021
Authentication bypass issue in the Operator Console (High): CVE-2021-41266 was published for github.com/minio/console (Go) on Nov 15, 2021
Improper Authentication in HashiCorp Nomad (High): CVE-2021-43415 was published for github.com/hashicorp/nomad (Go) on Dec 10, 2021
Unsafe inline XSS in pasting DOM element into chat (High): CVE-2021-39183 was published for github.com/owncast/owncast (Go) on Dec 14, 2021
Server-Side Request Forgery in gogs webhook (High): CVE-2022-1285 was published for gogs.io/gogs (Go) on Jun 3, 2022
TiDB authentication bypass vulnerability (High): CVE-2022-31011 was published for github.com/pingcap/tidb (Go) on Jun 6, 2022
usememos/memos Improper Privilege Management vulnerability (High): CVE-2022-4808 was published for github.com/usememos/memos (Go) on Dec 28, 2022
usememos/memos Cross-Site Request Forgery vulnerability (High): CVE-2022-4844 was published for github.com/usememos/memos (Go) on Dec 29, 2022
Casdoor arbitrary file deletion vulnerability via uploadFile function (High): CVE-2022-44942 was published for github.com/casdoor/casdoor (Go) on Dec 7, 2022
usememos/memos vulnerable to improper authorization (High): CVE-2022-4688 was published for github.com/usememos/memos (Go) on Dec 23, 2022
usememos/memos makes Incorrect Use of Privileged APIs (High): CVE-2022-4687 was published for github.com/usememos/memos (Go) on Dec 23, 2022
usememos/memos Improper Access Control vulnerability (High): CVE-2022-4684 was published for github.com/usememos/memos (Go) on Dec 23, 2022
usememos/memos vulnerable to account takeover due to improper access control (High): CVE-2022-4689 was published for github.com/usememos/memos (Go) on Dec 23, 2022
Free5gc vulnerable to uncontrolled resource consumption (High): CVE-2022-38871 was published for github.com/free5gc/free5gc (Go) on Nov 19, 2022
ProTip! Advisories are also available from the GraphQL API.