GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,991
Erlang
29
GitHub Actions
16
Go
1,779
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
793
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,779 advisories
Filter by severity
Improper Input Validation in k8s.io/ingress-nginx
High
CVE-2021-25745
was published
for
k8s.io/ingress-nginx
(Go)
May 7, 2022
Arbitrary file read in ginadmin
High
CVE-2022-30428
was published
for
github.com/gphper/ginadmin
(Go)
May 26, 2022
Path traversal in ginadmin
High
CVE-2022-30427
was published
for
github.com/gphper/ginadmin
(Go)
May 26, 2022
Incorrect Default Permissions in CRI-O
Moderate
CVE-2022-27652
was published
for
github.com/cri-o/cri-o
(Go)
Apr 22, 2022
NULL Pointer Dereference in HyperLedger Fabric
High
CVE-2021-43667
was published
for
github.com/hyperledger/fabric
(Go)
May 25, 2022
Access to Unix domain socket can lead to privileges escalation in Cilium
High
CVE-2022-29178
was published
for
github.com/cilium/cilium
(Go)
May 24, 2022
Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows
High
CVE-2022-29164
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
May 23, 2022
Improper path handling in Kustomization files allows for denial of service
High
CVE-2022-24878
was published
for
github.com/fluxcd/flux2
(Go)
May 20, 2022
Arbitrary command execution in Minidoc
High
CVE-2022-29637
was published
for
github.com/mindoc-org/mindoc
(Go)
May 27, 2022
Git LFS can execute a binary from the current directory on Windows
Critical
CVE-2022-24826
was published
for
github.com/git-lfs/git-lfs
(Go)
Apr 22, 2022
Improper Control of a Resource Through its Lifetime in Mattermost
Moderate
CVE-2022-1385
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Apr 20, 2022
Cross-site Scripting in Gogs
Moderate
CVE-2022-1464
was published
for
gogs.io/gogs
(Go)
May 24, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical
CVE-2022-29165
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Insecure plugin handling in Mattermost
High
CVE-2022-1384
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Apr 20, 2022
Login screen allows message spoofing if SSO is enabled
Moderate
CVE-2022-24905
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Smokescreen SSRF via deny list bypass
Moderate
CVE-2022-24825
was published
for
github.com/stripe/smokescreen
(Go)
Apr 7, 2022
Privilege escalation in beego
High
CVE-2021-27117
was published
for
github.com/beego/beego
(Go)
Apr 6, 2022
Podman's default inheritable capabilities for linux container not empty
High
CVE-2022-27649
was published
for
github.com/containers/podman/v4
(Go)
Apr 1, 2022
Privilege escalation in beego
High
CVE-2021-27116
was published
for
github.com/beego/beego
(Go)
Apr 6, 2022
Unrestricted Upload of File with Dangerous Type in Gogs
High
CVE-2022-0415
was published
for
gogs.io/gogs
(Go)
Mar 28, 2022
SQLinjection in falcon-plus
Critical
CVE-2022-26245
was published
for
github.com/open-falcon/falcon-plus
(Go)
Mar 28, 2022
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High
CVE-2022-24730
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Path traversal allows leaking out-of-bound files from Argo CD repo-server
Moderate
CVE-2022-24731
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Denial of service in go-ethereum
High
CVE-2021-42219
was published
for
github.com/ethereum/go-ethereum
(Go)
Mar 18, 2022
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
ProTip!
Advisories are also available from the
GraphQL API