GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
65 advisories
Path Traversal in file update API in gogs
High severity: CVE-2024-55947 was published for gogs.io/gogs (Go) on Dec 23, 2024

Remote Command Execution in file editing in gogs
High severity: CVE-2024-54148 was published for gogs.io/gogs (Go) on Dec 23, 2024

SiYuan has an arbitrary file read via /api/template/render
High severity: CVE-2024-55657 was published for github.com/siyuan-note/siyuan/kernel (Go) on Dec 11, 2024

SiYuan has an arbitrary file read and path traversal via /api/export/exportResources
High severity: CVE-2024-55658 was published for github.com/siyuan-note/siyuan/kernel (Go) on Dec 11, 2024

SiYuan has an arbitrary file write in the host via /api/asset/upload
High severity: CVE-2024-55659 was published for github.com/siyuan-note/siyuan/kernel (Go) on Dec 11, 2024

Kubernetes kubelet arbitrary command execution
High severity: CVE-2024-10220 was published for k8s.io/kubernetes (Go) on Nov 22, 2024

Unpatched Remote Code Execution in Gogs
High severity: CVE-2024-44625 was published for gogs.io/gogs (Go) on Nov 15, 2024

Hashicorp Consul Path Traversal vulnerability
High severity: CVE-2024-10005 was published for github.com/hashicorp/consul (Go) on Oct 31, 2024

Adguard Home arbitrary file read vulnerability
High severity: CVE-2024-36814 was published for github.com/AdguardTeam/AdGuardHome (Go) on Oct 8, 2024

Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High severity: CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) on Sep 3, 2024

Ollama can extract members of a ZIP archive outside of the parent directory
High severity: CVE-2024-45436 was published for github.com/ollama/ollama (Go) on Aug 29, 2024

Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
High severity: CVE-2024-41121 was published for go.woodpecker-ci.org/woodpecker (Go) on Jul 19, 2024

LocalAI path traversal vulnerability
High severity: CVE-2024-5182 was published for github.com/go-skynet/LocalAI (Go) on Jun 20, 2024

Vulnerabilities with the k8sGPT
High severity: GHSA-85rg-8m6h-825p was published for github.com/k8sgpt-ai/k8sgpt (Go) on Jun 13, 2024

malicious container creates symlink "mtab" on the host External
High severity: CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) on Jun 4, 2024

Stakater Forecastle has a directory traversal vulnerability
High severity: CVE-2023-40297 was published for github.com/stakater/Forecastle (Go) on May 15, 2024

github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip)
High severity: CVE-2020-7666 was published for github.com/u-root/u-root/pkg/cpio (Go) on Apr 24, 2024

gin-vue-admin background arbitrary code coverage vulnerability
High severity: CVE-2024-31457 was published for github.com/flipped-aurora/gin-vue-admin/server (Go) on Apr 9, 2024

Container escape at build time
High severity: GHSA-pmf3-c36m-g5cf was published for github.com/containers/buildah (Go) on Mar 19, 2024

Grafana path traversal
High severity: CVE-2021-43798 was published for github.com/grafana/grafana (Go) on Feb 1, 2024

Mattermost Injection vulnerability
High severity: CVE-2023-6458 was published for github.com/mattermost/mattermost-server/v6 (Go) on Dec 6, 2023

Artifact Hub arbitrary file read vulnerability
High severity: CVE-2023-45823 was published for github.com/artifacthub/hub (Go) on Oct 19, 2023

Arduino Create Agent path traversal - local privilege escalation vulnerability
High severity: CVE-2023-43802 was published for github.com/arduino/arduino-create-agent (Go) on Oct 18, 2023

1Panel O&M management panel has a background arbitrary file reading vulnerability
High severity: CVE-2023-39964 was published for github.com/1Panel-dev/1Panel (Go) on Aug 10, 2023

Nuclei Path Traversal vulnerability
High severity: CVE-2023-37896 was published for github.com/projectdiscovery/nuclei (Go) on Aug 4, 2023

ProTip! Advisories are also available from the GraphQL API.