GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
Nuclei Template Signature Verification Bypass
High
CVE-2024-43405
was published
for
github.com/projectdiscovery/nuclei
(Go)
Sep 4, 2024
soft-serve vulnerable to arbitrary code execution by crafting git-lfs requests
High
CVE-2024-41956
was published
for
github.com/charmbracelet/soft-serve
(Go)
Aug 2, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
High
CVE-2024-41111
was published
for
github.com/bishopfox/sliver
(Go)
Jul 18, 2024
projectdiscovery/nuclei allows unsigned code template execution through workflows
High
CVE-2024-40641
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Jul 17, 2024
Heketi Arbitrary Code Execution
High
CVE-2017-15103
was published
for
github.com/heketi/heketi
(Go)
Apr 24, 2024
Arbitrary Code Execution in Gitea
High
CVE-2020-14144
was published
for
code.gitea.io/gitea
(Go)
Apr 22, 2024
tiagorlampert CHAOS vulnerable to command injections
High
CVE-2024-30850
was published
for
github.com/tiagorlampert/CHAOS
(Go)
Apr 12, 2024
Nuclei allows unsigned code template execution through workflows
High
CVE-2024-27920
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Mar 15, 2024
1Panel command injection vulnerability in Firewall ip functionality
High
CVE-2023-37477
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 18, 2023
Command injection in Git package in Wrangler
High
CVE-2022-31249
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
Disputed: OS Command injection in github.com/kardianos/service
High
CVE-2022-29583
was published
for
github.com/kardianos/service
(Go)
Apr 23, 2022
•
withdrawn
Code injection in Stripe CLI on windows
High
CVE-2022-24753
was published
for
github.com/stripe/stripe-cli
(Go)
Mar 10, 2022
Exposure of server configuration in github.com/go-vela/server
High
CVE-2020-26294
was published
for
github.com/go-vela/compiler
(Go)
Feb 15, 2022
Privilege escalation to cluster admin on multi-tenant environments
High
CVE-2021-41254
was published
for
github.com/fluxcd/kustomize-controller
(Go)
Nov 15, 2021
Hugo can execute a binary from the current directory on Windows
High
CVE-2020-26284
was published
for
github.com/gohugoio/hugo
(Go)
Jun 23, 2021
ProTip!
Advisories are also available from the
GraphQL API