GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
16 advisories
Git LFS can execute a Git binary from the current directory on Windows
Severity: High. CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go) on Feb 15, 2022.
Gitea Remote Code Execution (RCE)
Severity: Critical. CVE-2018-18926 was published for code.gitea.io/gitea (Go) on Feb 15, 2022.
Gitea Remote Code Execution
Severity: High. CVE-2019-11229 was published for github.com/go-gitea/gitea (Go) on Feb 15, 2022.
Code Injection in CRI-O
Severity: High. CVE-2022-0811 was published for github.com/cri-o/cri-o (Go) on Mar 15, 2022.
Improper kubeconfig validation allows arbitrary code execution
Severity: Critical. CVE-2022-24817 was published for github.com/fluxcd/flux2 (Go) on May 16, 2022.
Moby Docker cp broken with debian containers
Severity: Critical. CVE-2019-14271 was published for github.com/docker/docker (Go) on May 24, 2022.
Code injection in ansible semaphore
Severity: High. CVE-2023-39059 was published for github.com/ansible-semaphore/semaphore (Go) on Aug 29, 2023.
Jumpserver Koko vulnerable to remote code execution on the host system via MongoDB shell
Severity: Moderate. CVE-2023-43651 was published for github.com/jumpserver/koko (Go) on Oct 24, 2023.
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
Severity: High. CVE-2023-5044 was published for k8s.io/ingress-nginx (Go) on Oct 25, 2023.
free5GC AMF denial of service vulnerability
Severity: High. CVE-2023-49391 was published for github.com/free5gc/amf (Go) on Dec 22, 2023.
Heketi Arbitrary Code Execution
Severity: High. CVE-2017-15103 was published for github.com/heketi/heketi (Go) on Apr 24, 2024.
kubevirt allows a local attacker to execute arbitrary code via a crafted command
Severity: Moderate. CVE-2024-33394 was published for kubevirt.io/kubevirt (Go) on May 2, 2024.
Duplicate Advisory: Gogs allows argument injection during the previewing of changes
Severity: Critical. GHSA-hf29-9hfh-w63j was published for github.com/gogs/gogs (Go) on Jul 4, 2024 (withdrawn).
req may send an unintended request when a malformed URL is provided
Severity: Moderate. CVE-2024-45258 was published for github.com/imroc/req (Go) on Aug 26, 2024.
Grafana Command Injection And Local File Inclusion Via Sql Expressions
Severity: Critical. CVE-2024-9264 was published for github.com/grafana/grafana (Go) on Oct 18, 2024.
Gogs allows argument injection during the previewing of changes
Severity: Critical. CVE-2024-39932 was published for gogs.io/gogs (Go) on Dec 23, 2024.