
GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

225 advisories

sjqzhang go-fastdfs vulnerable to path traversal Critical
CVE-2023-1800 was published for github.com/sjqzhang/go-fastdfs (Go) Apr 2, 2023
Answer vulnerable to Authentication Bypass by Capture-replay Critical
CVE-2023-1537 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Ansible Semaphore mishandles authentication Critical
CVE-2023-28609 was published for github.com/ansible-semaphore/semaphore (Go) Mar 18, 2023
Full authentication bypass if SASL authorization username is specified Critical
CVE-2023-27582 was published for github.com/foxcpp/maddy (Go) Mar 14, 2023
Gogs OS Command Injection vulnerability Critical
CVE-2022-2024 was published for gogs.io/gogs (Go) Feb 28, 2023
cokeBeer
Privilege escalation in MOSN Critical
CVE-2021-32163 was published for mosn.io/mosn (Go) Feb 17, 2023
Users with any cluster secret update access may update out-of-bounds cluster secrets Critical
CVE-2023-23947 was published for github.com/argoproj/argo-cd (Go) Feb 16, 2023
crenshaw-dev
Pterodactyl Wings contains UNIX Symbolic Link (Symlink) Following resulting in deletion of files and directories on the host system Critical
CVE-2023-25168 was published for github.com/pterodactyl/wings (Go) Feb 10, 2023
T4x0r
Answer contains Cross-site Scripting vulnerability Critical
CVE-2023-0742 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Cross-site scripting vulnerability found in answerdev/answer Critical
CVE-2023-0740 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Answer subject to Cross-site Scripting vulnerability Critical
CVE-2023-0743 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Answer has Cross-site Scripting vulnerability Critical
CVE-2023-0741 was published for github.com/answerdev/answer (Go) Feb 8, 2023
Answer contains Improper Access Control vulnerability Critical
CVE-2023-0744 was published for github.com/answerdev/answer (Go) Feb 8, 2023
go.uuid has Predictable UUID Identifiers Critical
CVE-2021-3538 was published for github.com/satori/go.uuid (Go) Feb 7, 2023
JWT audience claim is not verified Critical
CVE-2023-22482 was published for github.com/argoproj/argo-cd (Go) Jan 25, 2023
farcaller
Squalor SQL Injection vulnerability Critical
CVE-2020-36645 was published for github.com/square/squalor (Go) Jan 7, 2023
gosqljson SQL Injection vulnerability Critical
CVE-2014-125064 was published for github.com/elgs/gosqljson (Go) Jan 7, 2023
KubePi allows malicious actor to login with a forged JWT token via Hardcoded Jwtsigkeys Critical
CVE-2023-22463 was published for github.com/KubeOperator/kubepi (Go) Jan 6, 2023
usememos/memos vulnerable to Cross-site Scripting Critical
CVE-2022-4866 was published for github.com/usememos/memos (Go) Dec 31, 2022
usememos/memos Cross-site Scripting vulnerability Critical
CVE-2022-4865 was published for github.com/usememos/memos (Go) Dec 31, 2022
mellium.im/sasl authentication failure due to insufficient nonce randomness Critical
CVE-2022-48195 was published for mellium.im/sasl (Go) Dec 31, 2022
Cloud Foundry Archiver vulnerable to path traversal Critical
CVE-2018-25046 was published for code.cloudfoundry.org/archiver (Go) Dec 28, 2022
LZ4 vulnerable to Out-of-bounds Write Critical
CVE-2014-125026 was published for github.com/cloudflare/golz4 (Go) Dec 28, 2022
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected Critical
CVE-2021-4238 was published for github.com/Masterminds/goutils (Go) Dec 28, 2022
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption Critical
CVE-2021-4236 was published for github.com/ecnepsnai/web (Go) Dec 28, 2022