Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,978
Erlang
29
GitHub Actions
16
Go
1,765
Maven
4,990
npm
3,536
NuGet
616
pip
3,105
Pub
10
RubyGems
837
Rust
786
Swift
34
Unreviewed advisories
All unreviewed
5,000+

638 advisories

Loading
Improper use of cryptographic key in wal-g High
CVE-2021-38599 was published for github.com/wal-g/wal-g (Go) Sep 2, 2021
Authentication bypass for viewing and deletions of snapshots High
CVE-2021-39226 was published for github.com/grafana/grafana (Go) Oct 5, 2021
theblackturtle
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone High
CVE-2020-28924 was published for github.com/rclone/rclone (Go) Jun 10, 2021
Incorrect Authorization in ORY Oathkeeper High
CVE-2021-32701 was published for github.com/ory/oathkeeper (Go) Jun 24, 2021
Privilege escalation in Hashicorp Nomad High
CVE-2021-37218 was published for github.com/hashicorp/nomad (Go) Sep 8, 2021
Excessive CPU usage High
CVE-2021-39204 was published for github.com/pomerium/pomerium (Go) Sep 10, 2021
Improper Authentication High
CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) Sep 2, 2021
Incorrect Privilege Assignment in HashiCorp Vault High
CVE-2021-42135 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
HTTP Request Smuggling in github.com/hyperledger/fabric High
CVE-2021-43669 was published for github.com/hyperledger/fabric (Go) Dec 3, 2021
Incorrect handling of H2 GOAWAY + SETTINGS frames High
CVE-2021-39162 was published for github.com/pomerium/pomerium (Go) Sep 10, 2021
Privilege escalation to cluster admin on multi-tenant environments High
CVE-2021-41254 was published for github.com/fluxcd/kustomize-controller (Go) Nov 15, 2021
AdamKorcz DavidKorczynski
Files or Directories Accessible to External Parties in kubernetes High
CVE-2021-25741 was published for k8s.io/kubernetes (Go) Nov 1, 2021
Authentication bypass issue in the Operator Console High
CVE-2021-41266 was published for github.com/minio/console (Go) Nov 15, 2021
Alevsk
Improper Authentication in HashiCorp Nomad High
CVE-2021-43415 was published for github.com/hashicorp/nomad (Go) Dec 10, 2021
Unsafe inline XSS in pasting DOM element into chat High
CVE-2021-39183 was published for github.com/owncast/owncast (Go) Dec 14, 2021
intrigus-lgtm
Server-Side Request Forgery in gogs webhook High
CVE-2022-1285 was published for gogs.io/gogs (Go) Jun 3, 2022
am0o0
TiDB authentication bypass vulnerability High
CVE-2022-31011 was published for github.com/pingcap/tidb (Go) Jun 6, 2022
usememos/memos Improper Privilege Management vulnerability High
CVE-2022-4808 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Cross-Site Request Forgery vulnerability High
CVE-2022-4844 was published for github.com/usememos/memos (Go) Dec 29, 2022
Casdoor arbitrary file deletion vulnerability via uploadFile function High
CVE-2022-44942 was published for github.com/casdoor/casdoor (Go) Dec 7, 2022
usememos/memos vulnerable to improper authorization High
CVE-2022-4688 was published for github.com/usememos/memos (Go) Dec 23, 2022
usememos/memos makes Incorrect Use of Privileged APIs High
CVE-2022-4687 was published for github.com/usememos/memos (Go) Dec 23, 2022
usememos/memos Improper Access Control vulnerability High
CVE-2022-4684 was published for github.com/usememos/memos (Go) Dec 23, 2022
usememos/memos vulnerable to account takeover due to improper access control High
CVE-2022-4689 was published for github.com/usememos/memos (Go) Dec 23, 2022
Free5gc vulnerable to uncontrolled resource consumption High
CVE-2022-38871 was published for github.com/free5gc/free5gc (Go) Nov 19, 2022
ProTip! Advisories are also available from the GraphQL API