Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,857
NuGet
696
pip
3,639
Pub
12
RubyGems
912
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

2,203 advisories

Loading
Istio Fragments in Path May Lead to Authorization Policy Bypass High
CVE-2021-39156 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Denial of service in go-ethereum High
CVE-2021-42219 was published for github.com/ethereum/go-ethereum (Go) Mar 18, 2022
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server High
CVE-2022-24730 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt jessesuen
SQLinjection in falcon-plus Critical
CVE-2022-26245 was published for github.com/open-falcon/falcon-plus (Go) Mar 28, 2022
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
Privilege escalation in beego High
CVE-2021-27116 was published for github.com/beego/beego (Go) Apr 6, 2022
Podman's default inheritable capabilities for linux container not empty High
CVE-2022-27649 was published for github.com/containers/podman/v4 (Go) Apr 1, 2022
AndrewGMorgan
Privilege escalation in beego High
CVE-2021-27117 was published for github.com/beego/beego (Go) Apr 6, 2022
Smokescreen SSRF via deny list bypass Moderate
CVE-2022-24825 was published for github.com/stripe/smokescreen (Go) Apr 7, 2022
gregxsunday
Login screen allows message spoofing if SSO is enabled Moderate
CVE-2022-24905 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Insecure plugin handling in Mattermost High
CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled Critical
CVE-2022-29165 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Cross-site Scripting in Gogs Moderate
CVE-2022-1464 was published for gogs.io/gogs (Go) May 24, 2022
Improper Control of a Resource Through its Lifetime in Mattermost Moderate
CVE-2022-1385 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
Git LFS can execute a binary from the current directory on Windows Critical
CVE-2022-24826 was published for github.com/git-lfs/git-lfs (Go) Apr 22, 2022
yuske
Incorrect Default Permissions in CRI-O Moderate
CVE-2022-27652 was published for github.com/cri-o/cri-o (Go) Apr 22, 2022
AndrewGMorgan
Access to Unix domain socket can lead to privileges escalation in Cilium High
CVE-2022-29178 was published for github.com/cilium/cilium (Go) May 24, 2022
daniel-f3 danmx
Arbitrary command execution in Minidoc High
CVE-2022-29637 was published for github.com/mindoc-org/mindoc (Go) May 27, 2022
Improper path handling in Kustomization files allows for denial of service High
CVE-2022-24878 was published for github.com/fluxcd/flux2 (Go) May 20, 2022
hiddeco
Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows High
CVE-2022-29164 was published for github.com/argoproj/argo-workflows/v3 (Go) May 23, 2022
alexec
NULL Pointer Dereference in HyperLedger Fabric High
CVE-2021-43667 was published for github.com/hyperledger/fabric (Go) May 25, 2022
Path traversal in ginadmin High
CVE-2022-30427 was published for github.com/gphper/ginadmin (Go) May 26, 2022
Arbitrary file read in ginadmin High
CVE-2022-30428 was published for github.com/gphper/ginadmin (Go) May 26, 2022
Improper Input Validation in k8s.io/ingress-nginx High
CVE-2021-25745 was published for k8s.io/ingress-nginx (Go) May 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database