GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,956
Erlang
29
GitHub Actions
16
Go
1,740
Maven
4,967
npm
3,507
NuGet
609
pip
3,064
Pub
10
RubyGems
832
Rust
780
Swift
34
Unreviewed advisories
All unreviewed
5,000+
62 advisories
Filter by severity
PocketBase performs password auth and OAuth2 unverified email linking
Moderate
CVE-2024-38351
was published
for
github.com/pocketbase/pocketbase
(Go)
Jun 18, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Unauthenticated Access to sensitive settings in Argo CD
Moderate
CVE-2024-37152
was published
for
github.com/argoproj/argo-cd/v2/server
(Go)
Jun 6, 2024
Rancher Recreates Default User With Known Password Despite Deletion
Critical
CVE-2019-11202
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
ZITADEL's Improper Lockout Mechanism Leads to MFA Bypass
Moderate
CVE-2024-32868
was published
for
github.com/zitadel/zitadel
(Go)
Apr 25, 2024
mellium.im/sasl authentication failure due to insufficient nonce randomness
Critical
CVE-2022-48195
was published
for
mellium.im/sasl
(Go)
Dec 31, 2022
Authorization bypass in github.com/dgrijalva/jwt-go
High
CVE-2020-26160
was published
for
github.com/dgrijalva/jwt-go
(Go)
May 18, 2021
Grafana when using email as a username can block other users from signing in
Moderate
CVE-2022-39229
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Gitea Allows 1FA Even for 2FA-Enrolled Accounts
Critical
CVE-2019-11576
was published
for
code.gitea.io/gitea
(Go)
May 24, 2022
Access Restriction Bypass in go-ldap
High
CVE-2017-14623
was published
for
github.com/go-ldap/ldap
(Go)
Feb 15, 2022
Authelia vulnerable to an authentication bypassed with malformed request URI on nginx
Critical
CVE-2021-32637
was published
for
github.com/authelia/authelia/v4
(Go)
Dec 20, 2021
Improper Authentication in HashiCorp Vault
High
CVE-2021-3282
was published
for
github.com/hashicorp/vault
(Go)
Jan 31, 2024
HashiCorp Vault Authentication bypass
High
CVE-2020-16251
was published
for
github.com/hashicorp/vault/vault
(Go)
Jan 31, 2024
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records
Moderate
CVE-2020-15136
was published
for
go.etcd.io/etcd
(Go)
Jan 31, 2024
Authentik vulnerable to PKCE downgrade attack
Moderate
CVE-2024-23647
was published
for
goauthentik.io
(Go)
Jan 29, 2024
kyverno verifyImages rule bypass possible with malicious proxy/registry
High
CVE-2022-47633
was published
for
github.com/kyverno/kyverno
(Go)
Dec 21, 2022
Prometheus Exporter-Toolkit is vulnerable to authentication bypass
Moderate
CVE-2022-46146
was published
for
github.com/prometheus/exporter-toolkit
(Go)
Dec 2, 2022
Account compromise in Evmos
High
CVE-2022-24738
was published
for
github.com/tharsis/evmos
(Go)
Mar 7, 2022
Authentication bypass vulnerability in navidrome's subsonic endpoint
High
CVE-2023-51442
was published
for
github.com/navidrome/navidrome
(Go)
Dec 19, 2023
Capsule Proxy Authentication bypass using an empty token
Critical
CVE-2023-48312
was published
for
github.com/clastix/capsule-proxy
(Go)
Nov 24, 2023
Improper configuration of RBAC permissions obtaining cluster control permissions
Critical
CVE-2023-33190
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
CasaOS contains weak JWT secrets
Critical
CVE-2023-37266
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Jul 17, 2023
Dapr API token authentication bypass in HTTP endpoints
Moderate
CVE-2023-37918
was published
for
github.com/dapr/dapr
(Go)
Jul 21, 2023
Soft Serve Public Key Authentication Bypass Vulnerability when Keyboard-Interactive SSH Authentication is Enabled
High
CVE-2023-43809
was published
for
github.com/charmbracelet/soft-serve
(Go)
Oct 2, 2023
Sealos billing system permission control defect
High
CVE-2023-36815
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
ProTip!
Advisories are also available from the
GraphQL API