GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
691 advisories
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High, CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go), Sep 3, 2024

ZITADEL's Service Users Deactivation not Working
High, GHSA-qr2h-7pwm-h393 was published for github.com/zitadel/zitadel/v2 (Go), Sep 19, 2024

ZITADEL's User Grant Deactivation not Working
High, GHSA-2w5j-qfvw-2hf5 was published for github.com/zitadel/zitadel/v2 (Go), Sep 19, 2024

External Secrets Operator vulnerable to privilege escalation
High, CVE-2024-45041 was published for github.com/external-secrets/external-secrets (Go), Sep 9, 2024

CoreDNS vulnerable to TuDoor Attacks
High, CVE-2023-28452 was published for github.com/coredns/coredns (Go), Sep 18, 2024

github.com/containers/image allows unexpected authenticated registry accesses
High, CVE-2024-3727 was published for github.com/containers/image (Go), May 14, 2024

Podman publishes a malicious image to public registries
High, CVE-2022-1227 was published for github.com/containers/podman/v3 (Go), Apr 30, 2022

HashiCorp Vault Authentication bypass
High, CVE-2020-16251 was published for github.com/hashicorp/vault (Go), Jan 31, 2024

req may send an unintended request when a malformed URL is provided
High, CVE-2024-45258 was published for github.com/imroc/req (Go), Aug 26, 2024

Podman Elevated Container Privileges
High, CVE-2018-10856 was published for github.com/containers/podman (Go), May 13, 2022

go-ethereum vulnerable to denial of service via crafted GraphQL query
High, CVE-2023-42319 was published for github.com/ethereum/go-ethereum (Go), Oct 18, 2023

pgx SQL Injection via Protocol Message Size Overflow
High, CVE-2024-27304 was published for github.com/jackc/pgx (Go), Mar 4, 2024

pgproto3 SQL Injection via Protocol Message Size Overflow
High, GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go), Mar 4, 2024

pgx SQL Injection via Line Comment Creation
High, CVE-2024-27289 was published for github.com/jackc/pgx (Go), Mar 4, 2024

free5GC AMF denial of service vulnerability
High, CVE-2023-49391 was published for github.com/free5gc/amf (Go), Dec 22, 2023

Path traversal vulnerability in stripe-cli
High, CVE-2024-45401 was published for github.com/stripe/stripe-cli (Go), Sep 5, 2024

Sliver vulnerable to MitM attack against implants due to a cryptography vulnerability
High, CVE-2023-34758 was published for github.com/bishopfox/sliver (Go), Jun 21, 2023

Buffer Overflow vulnerability in osrg gobgp
High, CVE-2023-46565 was published for github.com/osrg/gobgp/v3 (Go), Apr 29, 2024

Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor
High, CVE-2019-19025 was published for github.com/goharbor/harbor (Go), May 18, 2021

SQL Injection in Cloud Native Computing Foundation Harbor
High, CVE-2019-19029 was published for github.com/goharbor/harbor (Go), May 18, 2021

Use of a Broken or Risky Cryptographic Algorithm in Terraform
High, CVE-2019-19316 was published for github.com/hashicorp/terraform (Go), May 18, 2021

Interchain Security: The signers of ICS messages do not need to match the provider address
High, GHSA-7q74-g774-7x3g was published for github.com/cosmos/interchain-security (Go), Sep 5, 2024

malicious container creates symlink "mtab" on the host External
High, CVE-2024-5154 was published for github.com/cri-o/cri-o (Go), Jun 4, 2024

Gogs allows argument injection during the tagging of a new release
High, CVE-2024-39933 was published for github.com/gogs/gogs (Go), Jul 4, 2024

Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions
High, CVE-2024-6468 was published for github.com/hashicorp/vault (Go), Jul 11, 2024

ProTip! Advisories are also available from the GraphQL API