GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,988
Erlang: 29
GitHub Actions: 16
Go: 1,776
Maven: 5,000+
npm: 3,542
NuGet: 617
pip: 3,125
Pub: 10
RubyGems: 838
Rust: 790
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
828 advisories
Skupper uses a static cookie secret for the openshift oauth-proxy
Moderate. CVE-2024-6535 was published for github.com/skupperproject/skupper (Go), Jul 17, 2024

Hugo Markdown titles do not escaped in internal render hooks
Moderate. CVE-2024-32875 was published for github.com/gohugoio/hugo (Go), Apr 23, 2024

Kubernetes sets incorrect permissions on Windows containers logs
Moderate. CVE-2024-5321 was published for k8s.io/kubernetes (Go), Jul 18, 2024

Submariner Operator sets unnecessary RBAC permissions in helm charts
Moderate. CVE-2024-5042 was published for github.com/submariner-io/submariner-operator (Go), May 17, 2024

Unencrypted traffic between pods when using Wireguard and an external kvstore
Moderate. CVE-2024-25631 was published for github.com/cilium/cilium (Go), Feb 20, 2024

Unencrypted ingress/health traffic when using Wireguard transparent encryption
Moderate. CVE-2024-25630 was published for github.com/cilium/cilium (Go), Feb 20, 2024

Ollama does not validate the format of the digest (sha256 with 64 hex digits)
Moderate. CVE-2024-37032 was published for github.com/ollama/ollama (Go), May 31, 2024

ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http
Moderate. GHSA-qc6v-5g5m-8cw2 was published for github.com/zitadel/zitadel-go/v3 (Go), Jul 15, 2024

NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects
Moderate. CVE-2022-29946 was published for github.com/nats-io/nats-server (Go), Jul 11, 2024

SQL Injection in the KubeClarity REST API
Moderate. CVE-2024-39909 was published for github.com/openclarity/kubeclarity/backend (Go), Jul 12, 2024

ZITADEL Vulnerable to Session Information Leakage
Moderate. CVE-2024-39683 was published for github.com/zitadel/zitadel (Go), Jul 5, 2024

Cache driver GetBlob() allows read access to any blob without access control check
Moderate. CVE-2024-39897 was published for zotregistry.dev/zot (Go), Jul 9, 2024

github.com/google/nftable IP addresses were encoded in the wrong byte order
Moderate. CVE-2024-6284 was published for github.com/google/nftables (Go), Jul 4, 2024

Mattermost Server Improper Access Control
Moderate. CVE-2024-29221 was published for github.com/mattermost/mattermost/server/v8 (Go), Apr 5, 2024

Grafana User enumeration via forget password
Moderate. CVE-2022-39307 was published for github.com/grafana/grafana (Go), May 14, 2024

Grafana Email addresses and usernames can not be trusted
Moderate. CVE-2022-39306 was published for github.com/grafana/grafana (Go), May 14, 2024

Grafana Escalation from admin to server admin when auth proxy is used
Moderate. CVE-2022-35957 was published for github.com/grafana/grafana (Go), May 14, 2024

Grafana Plugin signature bypass
Moderate. CVE-2022-31123 was published for github.com/grafana/grafana (Go), May 14, 2024

Kubernetes Secrets Store CSI Driver plugins arbitrary file write
Moderate. CVE-2020-8567 was published for github.com/Azure/secrets-store-csi-driver-provider-azure (Go), May 24, 2022

Grafana XSS via a query alias for the ElasticSearch datasource
Moderate. CVE-2020-24303 was published for github.com/grafana/grafana (Go), May 24, 2022

Etcd Gateway TLS endpoint validation only confirms TCP reachability
Moderate. GHSA-j86v-2vjr-fg8f was published for go.etcd.io/etcd/v3 (Go), Feb 3, 2024

Grafana world readable configuration files
Moderate. CVE-2020-12459 was published for github.com/grafana/grafana (Go), May 24, 2022

Grafana information disclosure
Moderate. CVE-2020-12458 was published for github.com/grafana/grafana (Go), May 24, 2022

Grafana XSS via the OpenTSDB datasource
Moderate. CVE-2020-13430 was published for github.com/grafana/grafana (Go), May 24, 2022

Grafana XSS via a column style
Moderate. CVE-2018-18624 was published for github.com/grafana/grafana (Go), May 24, 2022
ProTip! Advisories are also available from the GraphQL API.