GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
13 advisories
Filter by severity
Mellium allows Authentication Bypass by Spoofing
Critical
CVE-2024-46957
was published
for
mellium.im/xmpp
(Go)
Sep 25, 2024
CoreDNS Cache Poisoning via a birthday attack
Low
CVE-2023-30464
was published
for
github.com/coredns/coredns
(Go)
Sep 18, 2024
Grafana Escalation from admin to server admin when auth proxy is used
Moderate
CVE-2022-35957
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Ollama DNS rebinding vulnerability
High
CVE-2024-28224
was published
for
github.com/ollama/ollama
(Go)
Apr 8, 2024
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Moderate
CVE-2024-21494
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Header spoofing in caddy-geo-ip
Moderate
CVE-2023-50463
was published
for
github.com/shift72/caddy-geo-ip
(Go)
Dec 11, 2023
Grafana vulnerable to Authentication Bypass by Spoofing
Critical
CVE-2023-3128
was published
for
github.com/grafana/grafana
(Go)
Jun 22, 2023
Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault
High
CVE-2020-16250
was published
for
github.com/hashicorp/vault
(Go)
Aug 2, 2021
Authentication Bypass in dex
Critical
CVE-2020-27847
was published
for
github.com/dexidp/dex
(Go)
Dec 20, 2021
SAML authentication vulnerability due to stdlib XML parsing
High
CVE-2020-26276
was published
for
github.com/fleetdm/fleet/v4
(Go)
Feb 11, 2022
Kiali Authentication Bypass vulnerability
Moderate
CVE-2021-20278
was published
for
github.com/kiali/kiali
(Go)
Jun 1, 2021
Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical
CVE-2022-29165
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
GitLab auth uses full name instead of username as user ID, allowing impersonation
Critical
CVE-2020-5415
was published
for
github.com/concourse/concourse
(Go)
Dec 20, 2021
ProTip!
Advisories are also available from the
GraphQL API