GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
15 advisories
Filter by severity
Controller reconciles apps outside configured namespaces when sharding is enabled
High
CVE-2023-22736
was published
for
github.com/argoproj/argo-cd
(Go)
Jan 25, 2023
Insecure plugin handling in Mattermost
High
CVE-2022-1384
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Apr 20, 2022
Velociraptor vulnerable to Missing Authorization
High
CVE-2023-0242
was published
for
www.velocidex.com/golang/velociraptor
(Go)
Jan 18, 2023
Missing Authorization in HashiCorp Consul
High
CVE-2022-3920
was published
for
github.com/hashicorp/consul
(Go)
Nov 16, 2022
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
High
CVE-2022-21953
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation
High
CVE-2023-1782
was published
for
github.com/hashicorp/nomad
(Go)
Apr 5, 2023
Gitea Missing Authorization vulnerability
High
CVE-2022-0905
was published
for
code.gitea.io/gitea
(Go)
Mar 11, 2022
Duplicate Advisory: Improper Authorization in Gogs
High
GHSA-65f3-3278-7m65
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
•
withdrawn
Gogs vulnerable to improper PAM authorization handling
High
CVE-2022-0871
was published
for
gogs.io/gogs
(Go)
Mar 14, 2022
KubePi may allow unauthorized access to system API
High
CVE-2023-22478
was published
for
github.com/KubeOperator/kubepi
(Go)
Jan 9, 2023
Reject unauthorized access with GitHub PATs
High
CVE-2021-21432
was published
for
github.com/go-vela/server
(Go)
Feb 15, 2022
Sealos billing system permission control defect
High
CVE-2023-36815
was published
for
github.com/labring/sealos
(Go)
Jun 30, 2023
Answer Missing Authorization vulnerability
High
CVE-2023-4124
was published
for
github.com/answerdev/answer
(Go)
Aug 3, 2023
1Panel arbitrary file write vulnerability
High
CVE-2023-39966
was published
for
github.com/1Panel-dev/1Panel
(Go)
Aug 10, 2023
HashiCorp Consul does not properly validate node or segment names prior to usage in JWT claim assertions
High
CVE-2021-41803
was published
for
github.com/hashicorp/consul
(Go)
Sep 25, 2022
ProTip!
Advisories are also available from the
GraphQL API