GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
49 advisories
Filter by severity
Improper Input Validation in Buildah and Podman
Moderate
CVE-2024-9407
was published
for
github.com/containers/buildah
(Go)
Oct 1, 2024
Denied Host Validation Bypass in Zitadel Actions
Moderate
CVE-2024-49753
was published
for
github.com/zitadel/zitadel
(Go)
Oct 25, 2024
HashiCorp Vault Improper Input Validation vulnerability
Moderate
CVE-2023-4680
was published
for
github.com/hashicorp/vault
(Go)
Sep 15, 2023
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
Moderate
CVE-2021-20329
was published
for
go.mongodb.org/mongo-driver
(Go)
Jun 15, 2021
snapd failed to properly check the file type when extracting a snap
Moderate
CVE-2024-29068
was published
for
github.com/snapcore/snapd
(Go)
Jul 25, 2024
github.com/google/nftable IP addresses were encoded in the wrong byte order
Moderate
CVE-2024-6284
was published
for
github.com/google/nftables
(Go)
Jul 4, 2024
Minder trusts client-provided mapping from repo name to upstream ID
Moderate
CVE-2024-27093
was published
for
github.com/stacklok/minder
(Go)
Feb 26, 2024
Grafana Email addresses and usernames can not be trusted
Moderate
CVE-2022-39306
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Moderate
CVE-2024-38359
was published
for
github.com/lightningnetwork/lnd
(Go)
Jun 20, 2024
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module
Moderate
GHSA-4j93-fm92-rp4m
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Feb 21, 2024
vitess allows users to create keyspaces that can deny access to already existing keyspaces
Moderate
CVE-2023-29194
was published
for
vitess.io/vitess
(Go)
Apr 11, 2023
github.com/openshift/apiserver-library-go Improper Input Validation vulnerability
Moderate
CVE-2023-0229
was published
for
github.com/openshift/apiserver-library-go
(Go)
Jan 26, 2023
Improper use of metav1.Duration allows for Denial of Service
Moderate
CVE-2022-39272
was published
for
github.com/fluxcd/flux2
(Go)
Oct 19, 2022
Temporal Server Denial of Service
Moderate
CVE-2024-2689
was published
for
github.com/temporalio/temporal
(Go)
Apr 4, 2024
Calico vulnerable to pod route hijacking
Moderate
CVE-2022-28224
was published
for
github.com/projectcalico/calico
(Go)
Jun 7, 2022
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
Moderate
CVE-2023-47106
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
kube-apiserver vulnerable to policy bypass
Moderate
CVE-2023-2727
was published
for
k8s.io/kubernetes
(Go)
Jul 3, 2023
Kubernetes mountable secrets policy bypass
Moderate
CVE-2023-2728
was published
for
k8s.io/kubernetes
(Go)
Jul 3, 2023
VTAdmin users that can create shards can deny access to other functions
Moderate
CVE-2023-29195
was published
for
vitess.io/vitess
(Go)
May 11, 2023
Improper input validation in github.com/gin-gonic/gin
Moderate
CVE-2023-26125
was published
for
github.com/gin-gonic/gin
(Go)
May 4, 2023
Ingress-nginx `path` sanitization can be bypassed with newline character
Moderate
CVE-2021-25748
was published
for
k8s.io/ingress-nginx
(Go)
May 24, 2023
Vega's validators able to submit duplicate transactions
Moderate
CVE-2023-35163
was published
for
code.vegaprotocol.io/vega
(Go)
Jun 20, 2023
Improper random reading in CIRCL
Moderate
CVE-2023-1732
was published
for
github.com/cloudflare/circl
(Go)
May 11, 2023
Kubernetes ingress exposes sensitive information
Moderate
CVE-2018-1002104
was published
for
k8s.io/ingress-nginx
(Go)
May 24, 2022
Improper Input Validation in HashiCorp Consul
Moderate
CVE-2020-13170
was published
for
github.com/hashicorp/consul
(Go)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API