Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

12,672 advisories

Loading
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client` Low
GHSA-prqf-xr2j-xf65 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
Import loops in account imports, nats-server DoS Low
GHSA-gwj5-3vfq-q992 was published for github.com/nats-io/nats-server/v2 (Go) May 21, 2021
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy Low
CVE-2021-21291 was published for github.com/oauth2-proxy/oauth2-proxy (Go) May 25, 2021
semoac
Credited to semoac
CSRF Vuln can expose user's QRcode Low
GHSA-fxq4-r6mr-9x64 was published for Flask-Security-Too (pip) Apr 8, 2021
User enumeration in authentication mechanisms Low
GHSA-g2qj-pmxm-9f8f was published for symfony/security-http (Composer) May 17, 2021
Unauthorized client-side property update in UIDL request handler in Vaadin 10 and 11 Low
GHSA-3h5r-928v-mxhh was published for com.vaadin:vaadin-bom (Maven) Apr 19, 2021
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
MD5 hash support in github.com/foxcpp/maddy Low
GHSA-qh54-9vc5-m9fg was published for github.com/foxcpp/maddy (Go) Oct 12, 2021
devices resource list treated as a blacklist by default Low
GHSA-g54h-m393-cpwq was published for github.com/opencontainers/runc (Go) Dec 20, 2021
cyphar
Credited to cyphar
ERC1155Supply vulnerability in OpenZeppelin Contracts Low
GHSA-wmpv-c2jp-j2xg was published for @openzeppelin/contracts (npm) Nov 15, 2021
ChainSecurityAudits
Credited to ChainSecurityAudits
Reflected cross-site scripting in development mode handler in Vaadin Low
GHSA-8vfw-v2jv-9hwc was published for com.vaadin:flow-server (Maven) Jun 28, 2021
User enumeration in authentication mechanisms Low
GHSA-2frx-j9hj-6c65 was published for lexik/jwt-authentication-bundle (Composer) May 17, 2021
mbrodala chalasr
Credited to mbrodala and chalasr
Local directory executable lookup in sops (Windows-only) Low
GHSA-x5c7-x7m2-rhmf was published for go.mozilla.org/sops/v3 (Go) May 20, 2021
Ry0taK
Credited to Ry0taK
Network policy may be bypassed by some ICMP Echo Requests Low
GHSA-c66w-hq56-4q97 was published for github.com/cilium/cilium (Go) May 21, 2021
brb kkourt
Credited to brb and kkourt
Path traversal when using `preview-docs` when working dir contains files with question mark `?` in name Low
GHSA-q324-q795-2q5p was published for @redocly/openapi-cli (npm) Oct 12, 2021
edkelly-ovo
Credited to edkelly-ovo
Improper Neutralization of Special Elements used in a Command ('Command Injection') in @floffah/build Low
GHSA-jcgr-9698-82jx was published for @floffah/build (npm) May 28, 2021
Clarify `mediaType` handling Low
GHSA-77vh-xpmg-72qh was published for github.com/opencontainers/image-spec (Go) Nov 18, 2021
Inability to de-op players if listed in ops.txt with non-lowercase letters Low
GHSA-j5qg-w9jg-3wg3 was published for pocketmine/pocketmine-mp (Composer) Dec 16, 2021
SQLite3 addresses vulnerability in packaged version of libsqlite Low
GHSA-mgvv-5mxp-xq67 was published for sqlite3 (RubyGems) Oct 3, 2022
Hardening of TypedArrays with non-canonical numeric property names in SES Low
GHSA-whpx-q3rq-w8jc was published for ses (npm) Oct 20, 2022
Python-TUF vulnerable to incorrect threshold signature computation for new root metadata Low
GHSA-r7vq-6425-j94w was published for tuf (pip) Sep 15, 2022
trishankatdatadog
Credited to trishankatdatadog
Prototype Pollution in node-forge debug API. Low
GHSA-5rrq-pxf6-6jx5 was published for node-forge (npm) Jan 8, 2022
Arbitrary file deletion in NeMo ASR webapp Low
GHSA-rpx7-33j2-xx9x was published for nemo_toolkit (pip) Feb 15, 2022
haby0
Credited to haby0
Prototype Pollution in node-forge util.setPath API Low
GHSA-wxgw-qj99-44c2 was published for node-forge (npm) Jan 8, 2022
Hidden functionality in node-ipc Low
GHSA-8gr3-2gjw-jj7g was published for node-ipc (npm) Mar 16, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database