Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

32 advisories

Loading
HashiCorp Consul does not properly validate node or segment names prior to usage in JWT claim assertions High
CVE-2021-41803 was published for github.com/hashicorp/consul (Go) Sep 25, 2022
anonymous4ACL24
Nomad Search API Leaks Information About CSI Plugins Moderate
CVE-2023-3300 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24
Nomad ACL Policies without Label are Applied to Unexpected Resources Moderate
CVE-2023-3072 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24
Pebble service manager's file pull API allows access by any user Moderate
CVE-2024-3250 was published for github.com/canonical/pebble (Go) Apr 5, 2024
hpidcock benhoyt
1Panel arbitrary file write vulnerability High
CVE-2023-39966 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
darkfive2022
Answer Missing Authorization vulnerability Low
CVE-2023-2590 was published for github.com/answerdev/answer (Go) May 9, 2023
Duplicate Advisory: Grafana Improper Access Control vulnerability Moderate
GHSA-wm7r-3qxj-5xgq was published for github.com/grafana/grafana (Go) Jun 6, 2023 withdrawn
Answer Missing Authorization vulnerability High
CVE-2023-4124 was published for github.com/answerdev/answer (Go) Aug 3, 2023
Mattermost fails to correctly delete attachments Low
CVE-2023-4105 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Mattermost fails to check if user is a guest before performing actions on public playbooks Moderate
CVE-2023-4106 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
Sealos billing system permission control defect High
CVE-2023-36815 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Mattermost Server Missing Authorization vulnerability Moderate
CVE-2023-2783 was published for github.com/mattermost/mattermost-server/v6 (Go) Jun 16, 2023
Authenticated users can exploit an enumeration vulnerability in Harbor Moderate
CVE-2020-13794 was published for github.com/goharbor/harbor (Go) May 24, 2021
Reject unauthorized access with GitHub PATs High
CVE-2021-21432 was published for github.com/go-vela/server (Go) Feb 15, 2022
JordanSussman
Missing Authorization in Harbor Moderate
CVE-2019-16097 was published for github.com/goharbor/harbor (Go) Feb 15, 2022
Kubernetes Privilege Escalation Critical
CVE-2017-1000056 was published for k8s.io/kubernetes (Go) May 12, 2021
KubePi may allow unauthorized access to system API High
CVE-2023-22478 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
suanve
Mattermost Server Sensitive Data Exposure Moderate
CVE-2020-14457 was published for github.com/mattermost/mattermost (Go) May 24, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code Critical
CVE-2022-39222 was published for github.com/dexidp/dex (Go) Oct 3, 2022
joernchen bobcallaway
haydentherapper
Gogs vulnerable to improper PAM authorization handling High
CVE-2022-0871 was published for gogs.io/gogs (Go) Mar 14, 2022
ysf
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
Gitea Missing Authorization vulnerability High
CVE-2022-0905 was published for code.gitea.io/gitea (Go) Mar 11, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint Moderate
CVE-2022-39340 was published for github.com/openfga/openfga (Go) Oct 25, 2022
Improper access control allows admin privilege escalation in Argo CD Critical
CVE-2022-24768 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
Mattermost fails to properly authentication inviter's permissions to private channel Moderate
CVE-2023-1774 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
ProTip! Advisories are also available from the GraphQL API