GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
757 advisories
Filter by severity
Improper Verification of Cryptographic Signature in golang.org/x/crypto
High
CVE-2020-9283
was published
for
golang.org/x/crypto
(Go)
May 18, 2021
GPGME Go wrapper contains Use After Free
High
CVE-2020-8945
was published
for
github.com/proglottis/gpgme
(Go)
May 18, 2021
Improper Access Control in Lightning Network Daemon
High
CVE-2019-12999
was published
for
github.com/lightningnetwork/lnd
(Go)
May 18, 2021
Cloud Foundry Routing Improper Input Validation vulnerability
High
CVE-2019-11289
was published
for
code.cloudfoundry.org/gorouter
(Go)
May 18, 2021
Out-of-bounds read in Apache Thrift
High
CVE-2019-0210
was published
for
github.com/apache/thrift
(Go)
May 18, 2021
XML Entity Expansion and Improper Input Validation in Kubernetes API server
High
CVE-2019-11253
was published
for
k8s.io/kubernetes
(Go)
May 18, 2021
Rancher Vulnerable to Cross-site Request Forgery (CSRF)
High
CVE-2019-13209
was published
for
github.com/rancher/rancher
(Go)
May 18, 2021
Improper Input Validation in libseccomp-golang
High
CVE-2017-18367
was published
for
github.com/seccomp/libseccomp-golang
(Go)
May 18, 2021
Integer Overflow or Wraparound in NATS Server
High
CVE-2019-13126
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 18, 2021
Use of a Broken or Risky Cryptographic Algorithm in Terraform
High
CVE-2019-19316
was published
for
github.com/hashicorp/terraform
(Go)
May 18, 2021
Denial of Service (DoS) in HashiCorp Consul
High
CVE-2020-7219
was published
for
github.com/hashicorp/consul
(Go)
May 18, 2021
Allocation of Resources Without Limits or Throttling in HashiCorp Nomad
High
CVE-2020-7218
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Improper Certificate Validation in HashiCorp Nomad
High
CVE-2020-7956
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Information Disclosure in HashiCorp Vault
High
CVE-2020-13223
was published
for
github.com/hashicorp/vault
(Go)
May 18, 2021
Allocation of Resources Without Limits or Throttling in Hashicorp Consul
High
CVE-2020-13250
was published
for
github.com/hashicorp/consul
(Go)
May 18, 2021
Infinite Loop in jsonparser
High
CVE-2020-10675
was published
for
github.com/buger/jsonparser
(Go)
May 18, 2021
SQL Injection in Cloud Native Computing Foundation Harbor
High
CVE-2019-19029
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor
High
CVE-2019-19025
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2020-7669
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
Hard coded cryptographic key in Kiali
High
CVE-2020-1764
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
Predictable SIF UUID Identifiers in github.com/sylabs/sif
High
CVE-2021-29499
was published
for
github.com/sylabs/sif
(Go)
May 18, 2021
Path Traversal in Buildah
High
CVE-2020-10696
was published
for
github.com/containers/buildah
(Go)
May 18, 2021
Improper Authorization in github.com/containers/libpod
High
CVE-2021-20188
was published
for
github.com/containers/libpod
(Go)
May 18, 2021
miekg/dns parsing error leads to nil pointer dereference and DoS
High
CVE-2018-17419
was published
for
github.com/miekg/dns
(Go)
May 18, 2021
Go Ethereum Improper Input Validation
High
CVE-2018-16733
was published
for
github.com/ethereum/go-ethereum
(Go)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API