Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

15 advisories

Loading
1Panel arbitrary file write vulnerability High
CVE-2023-39966 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
darkfive2022
Answer Missing Authorization vulnerability High
CVE-2023-4124 was published for github.com/answerdev/answer (Go) Aug 3, 2023
Sealos billing system permission control defect High
CVE-2023-36815 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
HashiCorp Nomad vulnerable to unauthenticated client agent HTTP request privilege escalation High
CVE-2023-1782 was published for github.com/hashicorp/nomad (Go) Apr 5, 2023
Controller reconciles apps outside configured namespaces when sharding is enabled High
CVE-2023-22736 was published for github.com/argoproj/argo-cd (Go) Jan 25, 2023
czchen crenshaw-dev
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster High
CVE-2022-21953 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Velociraptor vulnerable to Missing Authorization High
CVE-2023-0242 was published for www.velocidex.com/golang/velociraptor (Go) Jan 18, 2023
KubePi may allow unauthorized access to system API High
CVE-2023-22478 was published for github.com/KubeOperator/kubepi (Go) Jan 9, 2023
suanve
Missing Authorization in HashiCorp Consul High
CVE-2022-3920 was published for github.com/hashicorp/consul (Go) Nov 16, 2022
HashiCorp Consul does not properly validate node or segment names prior to usage in JWT claim assertions High
CVE-2021-41803 was published for github.com/hashicorp/consul (Go) Sep 25, 2022
anonymous4ACL24
Insecure plugin handling in Mattermost High
CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
Gogs vulnerable to improper PAM authorization handling High
CVE-2022-0871 was published for gogs.io/gogs (Go) Mar 14, 2022
ysf
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
Gitea Missing Authorization vulnerability High
CVE-2022-0905 was published for code.gitea.io/gitea (Go) Mar 11, 2022
Reject unauthorized access with GitHub PATs High
CVE-2021-21432 was published for github.com/go-vela/server (Go) Feb 15, 2022
JordanSussman
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database