GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
218 advisories
Filter by severity
Improper path handling in kustomization files allows path traversal
Critical
CVE-2022-24877
was published
for
github.com/fluxcd/flux2
(Go)
May 4, 2022
Git LFS can execute a binary from the current directory on Windows
Critical
CVE-2022-24826
was published
for
github.com/git-lfs/git-lfs
(Go)
Apr 22, 2022
Command Injection Vulnerability with Mercurial in VCS
Critical
CVE-2022-21235
was published
for
github.com/Masterminds/vcs
(Go)
Apr 1, 2022
SQLinjection in falcon-plus
Critical
CVE-2022-26245
was published
for
github.com/open-falcon/falcon-plus
(Go)
Mar 28, 2022
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Command Injection in CasaOS
Critical
CVE-2022-24193
was published
for
github.com/IceWhaleTech/CasaOS
(Go)
Mar 11, 2022
Off-by-one Error in v2fly/v2ray-core
Critical
CVE-2021-4070
was published
for
github.com/v2fly/v2ray-core
(Go)
Feb 24, 2022
Grafana Authentication Bypass
Critical
CVE-2018-15727
was published
for
github.com/grafana/grafana
(Go)
Feb 15, 2022
Gitea Remote Code Execution (RCE)
Critical
CVE-2018-18926
was published
for
code.gitea.io/gitea
(Go)
Feb 15, 2022
Use After Free in HashiCorp Nomad
Critical
CVE-2020-27195
was published
for
github.com/hashicorp/nomad
(Go)
Feb 15, 2022
Privilege Escalation in Kubernetes
Critical
CVE-2018-1002105
was published
for
github.com/kubernetes/kubernetes
(Go)
Feb 15, 2022
SQL Injection in Couchbase Sync Gateway
Critical
CVE-2019-9039
was published
for
github.com/couchbase/sync_gateway
(Go)
Feb 15, 2022
nats-io/jwt not enforcing checking of Import token permissions
Critical
CVE-2021-3127
was published
for
github.com/nats-io/jwt
(Go)
Feb 15, 2022
Authentication Bypass in github.com/russellhaering/gosaml2
Critical
CVE-2020-29509
was published
for
github.com/russellhaering/gosaml2
(Go)
Feb 11, 2022
Incorrect handling of credential expiry by /nats-io/nats-server
Critical
CVE-2020-26892
was published
for
github.com/nats-io/jwt
(Go)
Feb 11, 2022
Git LFS can execute a Git binary from the current directory
Critical
CVE-2020-27955
was published
for
github.com/git-lfs/git-lfs
(Go)
Feb 11, 2022
Reuse of one time passwords allowed in Gitea
Critical
CVE-2021-45331
was published
for
code.gitea.io/gitea
(Go)
Feb 10, 2022
Improper Privilege Management in Gitea
Critical
CVE-2021-45330
was published
for
code.gitea.io/gitea
(Go)
Feb 10, 2022
Capture-replay in Gitea
Critical
CVE-2021-45327
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme
Critical
GHSA-gp6j-vx54-5pmf
was published
for
github.com/keep-network/keep-ecdsa
(Go)
Jan 6, 2022
GitLab auth uses full name instead of username as user ID, allowing impersonation
Critical
CVE-2020-5415
was published
for
github.com/concourse/concourse
(Go)
Dec 20, 2021
Critical security issues in XML encoding in github.com/dexidp/dex
Critical
CVE-2020-26290
was published
for
github.com/dexidp/dex
(Go)
Dec 20, 2021
Authentication Bypass in dex
Critical
CVE-2020-27847
was published
for
github.com/dexidp/dex
(Go)
Dec 20, 2021
Authorization bypass in Openshift
Critical
CVE-2016-1906
was published
for
github.com/openshift/origin
(Go)
Dec 20, 2021
Authelia vulnerable to an authentication bypassed with malformed request URI on nginx
Critical
CVE-2021-32637
was published
for
github.com/authelia/authelia/v4
(Go)
Dec 20, 2021
ProTip!
Advisories are also available from the
GraphQL API