GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,458
Erlang
29
GitHub Actions
16
Go
1,691
Maven
4,934
npm
3,466
NuGet
601
pip
2,971
Pub
10
RubyGems
825
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,583 advisories
Filter by severity
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Moderate
CVE-2024-35175
was published
for
github.com/tg123/sshpiper
(Go)
May 14, 2024
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459
Low
GHSA-r3w4-36x6-7r99
was published
for
nokogiri
(RubyGems)
May 14, 2024
Grafana folders admin only permission privilege escalation
High
CVE-2022-36062
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Moderate
CVE-2022-39201
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana when using email as a username can block other users from signing in
Moderate
CVE-2022-39229
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Email addresses and usernames can not be trusted
Moderate
CVE-2022-39306
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana User enumeration via forget password
Moderate
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Spoofing originalUrl of snapshots
Moderate
CVE-2022-39324
was published
for
github.com/grafana/grafana
(pip)
May 14, 2024
Grafana Race condition allowing privilege escalation
Critical
CVE-2022-39328
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Escalation from admin to server admin when auth proxy is used
Moderate
CVE-2022-35957
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate
CVE-2022-31130
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Plugin signature bypass
Moderate
CVE-2022-31123
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana account takeover via OAuth vulnerability
High
CVE-2022-31107
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana API IDOR
Moderate
CVE-2022-21713
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Stored Cross-site Scripting in Unified Alerting
High
CVE-2022-31097
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana proxy Cross-site Scripting
Moderate
CVE-2022-21702
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources
Low
CVE-2022-21673
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana directory traversal for .cvs files
Moderate
CVE-2021-43815
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Fine-grained access control vulnerability
Critical
CVE-2021-41244
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
containerd started with non-empty inheritable Linux process capabilities
Low
GHSA-c9cp-9c75-9v8c
was published
for
github.com/containerd/containerd
(Go)
May 14, 2024
NATS server TLS missing ciphersuite settings when CLI flags used
Low
CVE-2021-32026
was published
for
https://pkg.go.dev/github.com/nats-io/nats-server/v2
(Go)
May 14, 2024
dotmesh arbitrary file read and/or write
High
CVE-2020-26312
was published
for
github.com/dotmesh-io/dotmesh
(Go)
May 14, 2024
Reportico Web fails to invalidate cookies upon logout
Moderate
CVE-2024-31556
was published
for
reportico-web/reportico
(Composer)
May 14, 2024
Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability
Moderate
CVE-2024-30046
was published
for
Microsoft.AspNetCore.App.Runtime.linux-arm
(NuGet)
May 14, 2024
Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability
Moderate
CVE-2024-30045
was published
for
Microsoft.NetCore.App.Runtime.linux-arm
(NuGet)
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API