GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,972
Erlang
29
GitHub Actions
16
Go
1,762
Maven
4,983
npm
3,518
NuGet
609
pip
3,094
Pub
10
RubyGems
833
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
181 advisories
Filter by severity
Gogs allows argument injection during the previewing of changes
Critical
CVE-2024-39932
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
Gogs allows deletion of internal files
Critical
CVE-2024-39931
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
Session Middleware Token Injection Vulnerability
Critical
CVE-2024-38513
was published
for
github.com/gofiber/fiber
(Go)
Jul 1, 2024
rke's credentials are stored in the RKE1 Cluster state ConfigMap
Critical
CVE-2023-32191
was published
for
github.com/rancher/rke
(Go)
Jun 17, 2024
Files or Directories Accessible to External Parties in ProjectDiscovery
Critical
CVE-2024-5262
was published
for
github.com/projectdiscovery/interactsh
(Go)
Jun 5, 2024
ArgoCD Vulnerable to Use of Risky or Missing Cryptographic Algorithms in Redis Cache
Critical
CVE-2024-31989
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2024
Grafana Race condition allowing privilege escalation
Critical
CVE-2022-39328
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Fine-grained access control vulnerability
Critical
CVE-2021-41244
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
tiagorlampert CHAOS vulnerable to arbitrary code execution
Critical
CVE-2024-33434
was published
for
github.com/tiagorlampert/CHAOS
(Go)
May 7, 2024
Some CORS middleware allow untrusted origins
Critical
GHSA-v84h-653v-4pq9
was published
for
github.com/jub0bs/fcors
(Go)
May 3, 2024
Some CORS middleware allow untrusted origins
Critical
GHSA-vhxv-fg4m-p2w8
was published
for
github.com/jub0bs/cors
(Go)
May 3, 2024
Improper Access Control in Gitea
Critical
CVE-2020-28991
was published
for
github.com/go-gitea/gitea
(Go)
Apr 24, 2024
Privilege Escalation in kubevirt
Critical
CVE-2020-14316
was published
for
kubevirt.io/kubevirt
(Go)
Apr 24, 2024
HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
Critical
CVE-2024-3817
was published
for
github.com/hashicorp/go-getter
(Go)
Apr 17, 2024
Evmos vulnerable to DOS and transaction fee expropiation through Authz exploit
Critical
GHSA-v6rw-hhgg-wc4x
was published
for
github.com/evmos/evmos/v11
(Go)
Apr 17, 2024
Evmos transaction execution not accounting for all state transition after interaction with precompiles
Critical
CVE-2024-32644
was published
for
github.com/evmos/evmos/v16
(Go)
Apr 10, 2024
LocalAI Command Injection in audioToWav
Critical
CVE-2024-2029
was published
for
github.com/go-skynet/LocalAI
(Go)
Apr 10, 2024
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks
Critical
GHSA-j496-crgh-34mx
was published
for
github.com/cosmos/ibc-go
(Go)
Apr 5, 2024
Cross-site scripting on application summary component
Critical
CVE-2024-28175
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
Pterodactyl Wings vulnerable to improper isolation of server file access
Critical
CVE-2024-27102
was published
for
github.com/pterodactyl/wings
(Go)
Mar 15, 2024
Authorization Bypass Through User-Controlled Key in go-zero
Critical
CVE-2024-27302
was published
for
github.com/zeromicro/go-zero
(Go)
Mar 4, 2024
Transparent TLS may not be applied to Marbles with certain manifest configurations
Critical
GHSA-x5r5-2qrx-rqj8
was published
for
github.com/edgelesssys/marblerun
(Go)
Feb 27, 2024
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Critical
CVE-2024-25124
was published
for
github.com/gofiber/fiber/v2
(Go)
Feb 22, 2024
BuildKit vulnerable to possible host system access from mount stub cleaner
Critical
CVE-2024-23652
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
Buildkit's interactive containers API does not validate entitlements check
Critical
CVE-2024-23653
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
ProTip!
Advisories are also available from the
GraphQL API