GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
83 advisories
Filter by severity
Improper Access Control in Lightning Network Daemon
High
CVE-2019-12999
was published
for
github.com/lightningnetwork/lnd
(Go)
May 18, 2021
Improper Input Validation in libseccomp-golang
High
CVE-2017-18367
was published
for
github.com/seccomp/libseccomp-golang
(Go)
May 18, 2021
Go JOSE Signature Validation Bypass
High
CVE-2016-9122
was published
for
gopkg.in/square/go-jose.v1
(Go)
May 18, 2021
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node
High
CVE-2021-27098
was published
for
github.com/spiffe/spire
(Go)
May 21, 2021
Incorrect handling of credential expiry by /nats-io/nats-server
High
GHSA-2c64-vj8g-vwrq
was published
for
github.com/nats-io/jwt
(Go)
May 21, 2021
Access Restriction Bypass in kube-apiserver
Moderate
CVE-2021-25735
was published
for
k8s.io/kubernetes
(Go)
May 28, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network
Moderate
GHSA-6rg3-8h8x-5xfv
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
Improper Access Control in github.com/treeverse/lakefs
Moderate
GHSA-m836-gxwq-j2pm
was published
for
github.com/treeverse/lakefs
(Go)
Oct 28, 2021
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Moderate
CVE-2021-22565
was published
for
github.com/google/exposure-notifications-verification-server
(Go)
Nov 10, 2021
Limited ability to spoof SAML authentication with missing audience verification in Fleet
Moderate
CVE-2022-23600
was published
for
github.com/fleetdm/fleet/v4
(Go)
Feb 7, 2022
Istio may not check inbound TCP connections against istio-policy
High
CVE-2019-12243
was published
for
istio.io/istio
(Go)
Feb 15, 2022
Access Restriction Bypass in kubernetes
High
CVE-2016-1905
was published
for
github.com/kubernetes/kubernetes
(Go)
Feb 15, 2022
Authorization bypass in Istio
Moderate
CVE-2020-16844
was published
for
istio.io/istio
(Go)
Feb 15, 2022
Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2
High
GHSA-9r5x-fjv3-q6h4
was published
for
github.com/nats-io/jwt
(Go)
Feb 15, 2022
•
withdrawn
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High
CVE-2022-24730
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Path traversal allows leaking out-of-bound files from Argo CD repo-server
Moderate
CVE-2022-24731
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Gitea Arbitrary File Delete Vulnerability
Moderate
CVE-2019-1000002
was published
for
code.gitea.io/gitea
(Go)
May 13, 2022
HashiCorp Consul Access Restriction Bypass
High
CVE-2019-8336
was published
for
github.com/hashicorp/consul
(Go)
May 13, 2022
Kubernetes arbitrary file overwrite
Moderate
CVE-2017-1002102
was published
for
k8s.io/kubernetes
(Go)
May 13, 2022
Access control bypass in beego
Critical
CVE-2022-31259
was published
for
github.com/beego/beego
(Go)
May 22, 2022
Argo CD improper access control bug can allow malicious user to escalate privileges to admin level
High
CVE-2022-1025
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 13, 2022
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
High
CVE-2022-2995
was published
for
github.com/cri-o/cri-o
(Go)
Sep 20, 2022
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High
GHSA-28q9-9c3g-v3f9
was published
for
github.com/treeverse/lakefs
(Go)
Sep 23, 2022
usememos/memos vulnerable to improper access control
Moderate
CVE-2022-4685
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
usememos/memos vulnerable to account takeover due to improper access control
High
CVE-2022-4689
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
ProTip!
Advisories are also available from the
GraphQL API