Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,333
Erlang
31
GitHub Actions
22
Go
2,095
Maven
5,000+
npm
3,760
NuGet
678
pip
3,446
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+

773 advisories

Loading
malicious container creates symlink "mtab" on the host External High
CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) Jun 4, 2024
eriksjolund
Ollama Out-of-bounds Read High
CVE-2024-39720 was published for github.com/ollama/ollama (Go) Oct 31, 2024
Harbor fails to validate the user permissions when updating p2p preheat policies High
CVE-2022-31668 was published for github.com/goharbor/harbor (Go) Nov 14, 2024
SiYuan has an arbitrary file read via /api/template/render High
CVE-2024-55657 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources High
CVE-2024-55658 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
SiYuan has an arbitrary file write in the host via /api/asset/upload High
CVE-2024-55659 was published for github.com/siyuan-note/siyuan/kernel (Go) Dec 11, 2024
Elleuch-x1
Path Traversal in Buildah High
CVE-2020-10696 was published for github.com/containers/buildah (Go) May 18, 2021
pgx SQL Injection via Protocol Message Size Overflow High
CVE-2024-27304 was published for github.com/jackc/pgx (Go) Mar 4, 2024
paul-gerste-sonarsource
Kubernetes kubelet arbitrary command execution High
CVE-2024-10220 was published for k8s.io/kubernetes (Go) Nov 22, 2024
Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy High
GHSA-7prj-hgx4-2xc3 was published for github.com/ryanbekhen/nanoproxy (Go) Dec 12, 2024
Open Cluster Management vulnerable to Trust Boundary Violation High
CVE-2024-9779 was published for open-cluster-management.io/ocm (Go) Dec 18, 2024
Non-linear parsing of case-insensitive content in golang.org/x/net/html High
CVE-2024-45338 was published for golang.org/x/net (Go) Dec 18, 2024
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service High
GHSA-5pf6-cq2v-23ww was published for github.com/clidey/whodb/core (Go) Dec 19, 2024
thevilledev
OpenShift Must Gather Operator Improper Input Validation vulnerability High
CVE-2024-25131 was published for github.com/openshift/must-gather (Go) Dec 19, 2024
MinIO vulnerable to privilege escalation in IAM import API High
CVE-2024-55949 was published for github.com/minio/minio (Go) Dec 16, 2024
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion High
GHSA-8wcc-m6j2-qxvm was published for cosmossdk.io/x/tx (Go) Dec 16, 2024
Duplicate Advisory: Gogs allows argument injection during the tagging of a new release High
GHSA-8mm6-wmpp-mmm3 was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
Gogs allows argument Injection when tagging new releases High
CVE-2024-39933 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs
Path Traversal in file update API in gogs High
CVE-2024-55947 was published for gogs.io/gogs (Go) Dec 23, 2024
ManassehZhou
Remote Command Execution in file editing in gogs High
CVE-2024-54148 was published for gogs.io/gogs (Go) Dec 23, 2024
ManassehZhou
Podman vulnerable to memory-based denial of service High
CVE-2024-3056 was published for github.com/containers/podman (Go) Aug 2, 2024
OpenShift Hive RCE through AWS/Kubernetes client configuration leads to privilege escalation High
CVE-2024-25133 was published for github.com/openshift/hive (Go) Dec 31, 2024
GoPhish sends cleartext passwords High
CVE-2024-55196 was published for github.com/gophish/gophish (Go) Dec 19, 2024
Karmada PULL Mode Cluster Privilege Escalation High
CVE-2024-56513 was published for github.com/karmada-io/karmada (Go) Jan 3, 2025
zhzhuang-zju RainbowMango
suidpit TheZ3ro
SiYuan has an arbitrary file deletion vulnerability High
CVE-2025-21609 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 3, 2025
N0el4kLs
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database