GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
108 advisories
Filter by severity
Denied Host Validation Bypass in Zitadel Actions
Moderate
CVE-2024-49753
was published
for
github.com/zitadel/zitadel
(Go)
Oct 25, 2024
Improper Input Validation in Buildah and Podman
Moderate
CVE-2024-9407
was published
for
github.com/containers/buildah
(Go)
Oct 1, 2024
req may send an unintended request when a malformed URL is provided
High
CVE-2024-45258
was published
for
github.com/imroc/req
(Go)
Aug 26, 2024
snapd failed to properly check the file type when extracting a snap
Moderate
CVE-2024-29068
was published
for
github.com/snapcore/snapd
(Go)
Jul 25, 2024
github.com/google/nftable IP addresses were encoded in the wrong byte order
Moderate
CVE-2024-6284
was published
for
github.com/google/nftables
(Go)
Jul 4, 2024
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service
Moderate
CVE-2024-38359
was published
for
github.com/lightningnetwork/lnd
(Go)
Jun 20, 2024
Grafana Email addresses and usernames can not be trusted
Moderate
CVE-2022-39306
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Heketi Arbitrary Code Execution
High
CVE-2017-15103
was published
for
github.com/heketi/heketi
(Go)
Apr 24, 2024
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Low
CVE-2024-3177
was published
for
k8s.io/kubernetes
(Go)
Apr 23, 2024
Temporal Server Denial of Service
Moderate
CVE-2024-2689
was published
for
github.com/temporalio/temporal
(Go)
Apr 4, 2024
Improper HTML sanitization in ZITADEL
High
CVE-2024-28855
was published
for
github.com/zitadel/zitadel
(Go)
Mar 18, 2024
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions
High
GHSA-95rx-m9m5-m94v
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Mar 12, 2024
Coder's OIDC authentication allows email with partially matching domain to register
High
CVE-2024-27918
was published
for
github.com/coder/coder
(Go)
Mar 4, 2024
Minder trusts client-provided mapping from repo name to upstream ID
Moderate
CVE-2024-27093
was published
for
github.com/stacklok/minder
(Go)
Feb 26, 2024
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module
Moderate
GHSA-4j93-fm92-rp4m
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Feb 21, 2024
Django Template Engine Vulnerable to XSS
Critical
CVE-2024-22199
was published
for
github.com/gofiber/template/django/v3
(Go)
Jan 11, 2024
Maliciously crafted Git server replies can cause DoS on go-git clients
High
CVE-2023-49568
was published
for
github.com/go-git/go-git/v5
(Go)
Dec 27, 2023
Traefik incorrectly processes fragment in the URL, leads to Authorization Bypass
Moderate
CVE-2023-47106
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 5, 2023
Kubernetes Improper Input Validation vulnerability
High
CVE-2023-5528
was published
for
k8s.io/kubernetes
(Go)
Nov 14, 2023
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation
High
CVE-2023-3893
was published
for
github.com/kubernetes-csi/csi-proxy
(Go)
Nov 3, 2023
Kubernetes privilege escalation vulnerability
High
CVE-2023-3955
was published
for
k8s.io/kubernetes
(Go)
Oct 31, 2023
Kubernetes privilege escalation vulnerability
High
CVE-2023-3676
was published
for
k8s.io/kubernetes
(Go)
Oct 31, 2023
Ingress nginx annotation injection causes arbitrary command execution
High
CVE-2023-5043
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation
High
CVE-2023-5044
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
Ingress-nginx path sanitization can be bypassed
High
CVE-2022-4886
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
ProTip!
Advisories are also available from the
GraphQL API