GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
196 advisories
Filter by severity
Navidrome has Multiple SQL Injections and ORM Leak
Critical
CVE-2024-47062
was published
for
github.com/navidrome/navidrome
(Go)
Sep 20, 2024
HTTP client can manipulate custom HTTP headers that are added by Traefik
Critical
CVE-2024-45410
was published
for
github.com/traefik/traefik
(Go)
Sep 19, 2024
Dragonfly2 has hard coded cyptographic key
Critical
CVE-2023-27584
was published
for
d7y.io/dragonfly/v2
(Go)
Sep 19, 2024
OpenShift Controller Manager Improper Privilege Management
Critical
CVE-2024-45496
was published
for
github.com/openshift/openshift-controller-manager
(Go)
Sep 17, 2024
OpenShift Builder has a path traversal, allows command injection in privileged BuildContainer
Critical
CVE-2024-7387
was published
for
github.com/openshift/builder
(Go)
Sep 17, 2024
Grafana plugin SDK Information Leakage
Critical
CVE-2024-8986
was published
for
github.com/grafana/grafana-plugin-sdk-go
(Go)
Sep 19, 2024
go.uuid has Predictable UUID Identifiers
Critical
CVE-2021-3538
was published
for
github.com/satori/go.uuid
(Go)
Feb 7, 2023
Chaosblade vulnerable to OS command execution
Critical
CVE-2023-47105
was published
for
github.com/chaosblade-io/chaosblade
(Go)
Sep 18, 2024
Rancher vulnerable to Privilege Escalation via manipulation of Secrets
Critical
CVE-2023-22647
was published
for
github.com/rancher/rancher
(Go)
Jun 6, 2023
HashiCorp Vault Improper Privilege Management
Critical
CVE-2020-10661
was published
for
github.com/hashicorp/vault
(Go)
Jan 30, 2024
SQL injection in github.com/stashapp/stash
Critical
CVE-2024-32231
was published
for
github.com/stashapp/stash
(Go)
Aug 15, 2024
Vela Insecure Defaults
Critical
CVE-2022-39395
was published
for
github.com/go-vela/server
(Go)
Nov 9, 2022
github.com/gogs/gogs affected by CVE-2024-39930
Critical
CVE-2024-39930
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
Authz zero length regression
Critical
CVE-2024-41110
was published
for
github.com/docker/docker
(Go)
Jul 30, 2024
Gogs allows argument injection during the previewing of changes
Critical
CVE-2024-39932
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
Gogs allows deletion of internal files
Critical
CVE-2024-39931
was published
for
github.com/gogs/gogs
(Go)
Jul 4, 2024
Argo CD's external URLs for Deployments can include JavaScript
Critical
CVE-2022-31035
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Gitea Cross-site Scripting Vulnerability
Critical
CVE-2024-6886
was published
for
code.gitea.io/gitea
(Go)
Aug 6, 2024
Volcano has insecure permissions
Critical
CVE-2024-36533
was published
for
github.com/volcano-sh/volcano
(Go)
Jul 24, 2024
pREST vulnerable to jwt bypass + sql injection
Critical
GHSA-wm25-j4gw-6vr3
was published
for
github.com/prest/prest
(Go)
Jul 30, 2024
Grafana Race condition allowing privilege escalation
Critical
CVE-2022-39328
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
LocalAI Command Injection in audioToWav
Critical
CVE-2024-2029
was published
for
github.com/go-skynet/LocalAI
(Go)
Apr 10, 2024
Moby Docker cp broken with debian containers
Critical
CVE-2019-14271
was published
for
github.com/docker/docker
(Go)
May 24, 2022
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Critical
CVE-2024-23827
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 29, 2024
1Panel has an SQL injection issue related to the orderBy clause
Critical
CVE-2024-39907
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 18, 2024
ProTip!
Advisories are also available from the
GraphQL API