GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
15 advisories
Archive package allows chmod of file outside of unpack target directory
Moderate. CVE-2021-32760 was published for github.com/containerd/containerd (Go) on Jul 26, 2021.

AdGuardHome vulnerable to Cross-Site Request Forgery
Moderate. CVE-2022-32175 was published for github.com/AdguardTeam/AdGuardHome (Go) on Oct 11, 2022.

csaf-poc/csaf_distribution Cross-site Scripting vulnerability
Moderate. CVE-2022-43996 was published for github.com/csaf-poc/csaf_distribution (Go) on Dec 14, 2022.

HashiCorp Consul vulnerable to authorization bypass
Moderate. CVE-2022-40716 was published for github.com/hashicorp/consul (Go) on Sep 25, 2022.

HashiCorp Nomad vulnerable to non-sensitive metadata exposure
Moderate. CVE-2022-3866 was published for github.com/hashicorp/nomad (Go) on Nov 10, 2022.

Podman has Files or Directories Accessible to External Parties
Moderate. CVE-2020-1726 was published for github.com/containers/podman (Go) on May 24, 2022.

Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution
Moderate. CVE-2022-31683 was published for github.com/concourse/concourse (Go) on Oct 19, 2022.

Hashicorp Nomad Information Exposure Through Environmental Variables
Moderate. CVE-2019-14802 was published for github.com/hashicorp/nomad (Go) on Feb 15, 2022.

Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server
Moderate. CVE-2022-24904 was published for github.com/argoproj/argo-cd/v2 (Go) on May 23, 2022.

OpenFGA Authorization Bypass
Moderate. CVE-2022-39352 was published for github.com/openfga/openfga (Go) on Nov 8, 2022.

Uncontrolled Resource Consumption in github.com/google/fscrypt
Moderate. CVE-2022-25326 was published for github.com/google/fscrypt (Go) on Feb 26, 2022.

Improper Access Control in github.com/treeverse/lakefs
Moderate. GHSA-m836-gxwq-j2pm was published for github.com/treeverse/lakefs (Go) on Oct 28, 2021.

User login denial of service in github.com/google/fscrypt
Moderate. CVE-2022-25327 was published for github.com/google/fscrypt (Go) on Feb 26, 2022.

Velociraptor subject to Path Traversal
Moderate. CVE-2023-0290 was published for www.velocidex.com/golang/velociraptor (Go) on Jan 19, 2023.

Cross-site Scripting in github.com/schollz/rwtxt
Moderate. CVE-2021-20848 was published for github.com/schollz/rwtxt (Go) on Nov 29, 2021.

ProTip! Advisories are also available from the GraphQL API.