GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
141 advisories
Filter by severity
code.gitea.io/gitea Open Redirect vulnerability
Low
CVE-2023-3515
was published
for
code.gitea.io/gitea
(Go)
Jul 5, 2023
github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee
Low
GHSA-w5w5-2882-47pc
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Jun 30, 2023
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Low
CVE-2023-3485
was published
for
go.temporal.io/server
(Go)
Jun 30, 2023
SpiceDB's LookupResources may return partial results
Low
CVE-2023-35930
was published
for
github.com/authzed/spicedb
(Go)
Jun 28, 2023
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Low
CVE-2023-34242
was published
for
github.com/cilium/cilium
(Go)
Jun 16, 2023
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability
Low
GHSA-7c94-gvvj-r3mg
was published
for
github.com/cheqd/cheqd-node
(Go)
Jun 5, 2023
Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt
Low
GHSA-qfc5-6r3j-jj22
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Jun 2, 2023
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Low
CVE-2023-32684
was published
for
github.com/lima-vm/lima
(Go)
May 31, 2023
etcd Key name can be accessed via LeaseTimeToLive API
Low
CVE-2023-32082
was published
for
github.com/etcd-io/etcd
(Go)
May 12, 2023
Answer Missing Authorization vulnerability
Low
CVE-2023-2590
was published
for
github.com/answerdev/answer
(Go)
May 9, 2023
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
Low
CVE-2023-30844
was published
for
github.com/mutagen-io/mutagen
(Go)
May 5, 2023
Under-validated ComSpec and cmd.exe resolution in Mutagen projects
Low
GHSA-fwj4-72fm-c93g
was published
for
github.com/mutagen-io/mutagen
(Go)
May 5, 2023
Hop-by-hop abuse to malform header mutator
Low
GHSA-w9mr-28mw-j8hg
was published
for
github.com/ory/oathkeeper
(Go)
Apr 26, 2023
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc
Low
CVE-2023-25809
was published
for
github.com/opencontainers/runc
(Go)
Mar 30, 2023
Answer vulnerable to Business Logic Errors
Low
CVE-2023-1541
was published
for
github.com/answerdev/answer
(Go)
Mar 21, 2023
Panic due to malformed WALs in go.etcd.io/etcd
Low
CVE-2020-15106
was published
for
go.etcd.io/etcd
(Go)
Feb 7, 2023
GoBase Race Condition vulnerability
Low
CVE-2022-2583
was published
for
github.com/ntbosscher/gobase
(Go)
Dec 28, 2022
Buildah (as part of Podman) vulnerable to Path Traversal
Low
CVE-2022-4123
was published
for
github.com/containers/podman/v4
(Go)
Dec 8, 2022
Traefik may display authorization header in the debug logs
Low
CVE-2022-23469
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Low
CVE-2022-23466
was published
for
teler.app
(Go)
Dec 6, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF
Low
CVE-2022-41925
was published
for
tailscale.com/cmd
(Go)
Nov 21, 2022
Container build can leak any path on the host into the container
Low
GHSA-vp35-85q5-9f25
was published
for
github.com/docker/docker
(Go)
Nov 11, 2022
HashiCorp Nomad vulnerable to Insufficient Session Expiration
Low
CVE-2022-3867
was published
for
github.com/hashicorp/nomad
(Go)
Nov 10, 2022
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery
Low
GHSA-9gp7-6833-wv89
was published
for
go.etcd.io/etcd/client/v3
(Go)
Oct 6, 2022
etcd user credentials are stored in WAL logs in plaintext
Low
GHSA-528j-9r78-wffx
was published
for
go.etcd.io/etcd/client/v3
(Go)
Oct 6, 2022
ProTip!
Advisories are also available from the
GraphQL API