GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
165 advisories
Filter by severity
Control character injection in console output in github.com/ipfs/go-ipfs
Moderate
CVE-2020-26283
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
Moderate
GHSA-jq42-hfch-42f3
was published
for
github.com/hpcng/singularity
(Go)
Jun 1, 2021
Improper input validation in umoci
Moderate
CVE-2021-29136
was published
for
github.com/opencontainers/umoci
(Go)
Feb 15, 2022
Open Redirect in OAuth2 Proxy
Moderate
CVE-2020-4037
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network
Moderate
GHSA-6rg3-8h8x-5xfv
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
Denial of service via insufficient metadata validation
Moderate
GHSA-p93v-m2r2-4387
was published
for
github.com/google/fscrypt
(Go)
Mar 1, 2022
Possible privilege escalation via bash completion script
Moderate
GHSA-w4f8-fxq2-j35v
was published
for
github.com/google/fscrypt
(Go)
Mar 1, 2022
SSRF in repository migration
Moderate
GHSA-q347-cg56-pcq4
was published
for
gogs.io/gogs
(Go)
Mar 14, 2022
Sysctls applied to containers with host IPC or host network namespaces can affect the host
Moderate
GHSA-w2j5-3rcx-vx7x
was published
for
github.com/cri-o/cri-o
(Go)
Mar 15, 2022
GitHub CLI can execute a git binary from the current directory
Moderate
GHSA-fqfh-778m-2v32
was published
for
github.com/cli/cli
(Go)
Feb 11, 2022
SSRF in repository migration
Moderate
CVE-2022-0870
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
Cross-site Scripting in Gogs
Moderate
CVE-2022-1464
was published
for
gogs.io/gogs
(Go)
May 24, 2022
DoS via malicious p2p message in Go Ethereum
Moderate
CVE-2022-29177
was published
for
github.com/ethereum/go-ethereum
(Go)
May 24, 2022
Cross-site Scripting vulnerability in repository issue list in Gogs
Moderate
CVE-2022-31038
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Moderate
CVE-2022-31036
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
CloudCore UDS Server: Malicious Message can crash CloudCore
Moderate
CVE-2022-31076
was published
for
github.com/kubeedge/kubeedge
(Go)
Jun 25, 2022
CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server
Moderate
CVE-2022-31077
was published
for
github.com/kubeedge/kubeedge
(Go)
Jun 25, 2022
KubeEdge Edge ServiceBus module DoS
Moderate
CVE-2022-31073
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
Dutchoders transfer.sh contains an XSS vulnerability via malicious file upload
Moderate
CVE-2022-40931
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Sep 30, 2022
Pinniped Supervisor Insufficient Session Expiration vulnerability
Moderate
CVE-2022-31677
was published
for
go.pinniped.dev
(Go)
Sep 1, 2022
gotify/server vulnerable to Cross-site Scripting in the application image file upload
Moderate
CVE-2022-46181
was published
for
github.com/gotify/server
(Go)
Dec 30, 2022
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Moderate
CVE-2021-32699
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
Kiali Authentication Bypass vulnerability
Moderate
CVE-2021-20278
was published
for
github.com/kiali/kiali
(Go)
Jun 1, 2021
Hashicorp Boundary vulnerable to clickjacking
Moderate
CVE-2022-36182
was published
for
github.com/hashicorp/boundary
(Go)
Oct 27, 2022
SFTPGo WebClient vulnerable to Cross-site Scripting
Moderate
CVE-2022-39220
was published
for
github.com/drakkan/sftpgo
(Go)
Sep 20, 2022
ProTip!
Advisories are also available from the
GraphQL API