GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,958
Erlang
29
GitHub Actions
16
Go
1,745
Maven
4,971
npm
3,507
NuGet
609
pip
3,066
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,745 advisories
Filter by severity
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
Moderate
GHSA-jq42-hfch-42f3
was published
for
github.com/hpcng/singularity
(Go)
Jun 1, 2021
Exposure of server configuration in github.com/go-vela/server
High
CVE-2020-26294
was published
for
github.com/go-vela/compiler
(Go)
Feb 15, 2022
Signature Validation Bypass
Critical
GHSA-rrfw-hg9m-j47h
was published
for
github.com/russellhaering/goxmldsig
(Go)
May 24, 2021
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
Low
CVE-2020-13788
was published
for
github.com/goharbor/harbor
(Go)
Feb 11, 2022
Arbitrary File Override in Docker Engine
Moderate
CVE-2015-3631
was published
for
github.com/moby/moby
(Go)
Feb 15, 2022
Insecure Permissions in Gogs
Critical
CVE-2019-14544
was published
for
gogs.io/gogs
(Go)
May 18, 2021
Signature Validation Bypass
Critical
GHSA-5684-g483-2249
was published
for
github.com/russellhaering/gosaml2
(Go)
May 24, 2021
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy
Low
CVE-2021-21291
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
May 25, 2021
Denial of Service in Gitea
High
CVE-2020-13246
was published
for
github.com/go-gitea/gitea
(Go)
Feb 15, 2022
Denial of service in go-ethereum due to CVE-2020-28362
Critical
GHSA-m6gx-rhvj-fh52
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
Path traversal in github.com/ipfs/go-ipfs
High
CVE-2020-26279
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Insecure Permissions in Gogs
Moderate
CVE-2020-14958
was published
for
gogs.io/gogs
(Go)
May 18, 2021
Directory Traversal in Docker
Moderate
CVE-2014-9358
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Import loops in account imports, nats-server DoS
Low
GHSA-gwj5-3vfq-q992
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client`
Low
GHSA-prqf-xr2j-xf65
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Aug 23, 2021
Information Exposure in RunC
Moderate
CVE-2016-9962
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Cross-site Scripting in Gogs
Moderate
CVE-2014-8683
was published
for
gogs.io/gogs
(Go)
Jun 29, 2021
Denial of Service in docker2aci
Moderate
CVE-2016-8579
was published
for
github.com/appc/docker2aci
(Go)
Feb 15, 2022
Access Restriction Bypass in Docker
Moderate
CVE-2014-6408
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
On Windows, `git-sizer` might run a `git` executable within the repository being analyzed
Moderate
GHSA-57q7-rxqq-7vgp
was published
for
github.com/github/git-sizer
(Go)
Feb 15, 2022
Attack on Kubernetes via Misconfigured Argo Workflows
Moderate
GHSA-rc7p-gmvh-xfx2
was published
for
github.com/argoproj/argo-workflows
(Go)
Aug 2, 2021
Insufficient Session Expiration in Kiali
High
CVE-2020-1762
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
Improper Access Control in Lightning Network Daemon
High
CVE-2019-12999
was published
for
github.com/lightningnetwork/lnd
(Go)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API