GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
30 advisories
Filter by severity
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High
GHSA-28q9-9c3g-v3f9
was published
for
github.com/treeverse/lakefs
(Go)
Sep 23, 2022
Improper Input Validation in libseccomp-golang
High
CVE-2017-18367
was published
for
github.com/seccomp/libseccomp-golang
(Go)
May 18, 2021
Improper Access Control in Lightning Network Daemon
High
CVE-2019-12999
was published
for
github.com/lightningnetwork/lnd
(Go)
May 18, 2021
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High
CVE-2022-24730
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
GitOps Run allows for Kubernetes workload injection
High
CVE-2022-23508
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jan 9, 2023
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
High
CVE-2022-2995
was published
for
github.com/cri-o/cri-o
(Go)
Sep 20, 2022
usememos/memos Improper Access Control vulnerability
High
CVE-2022-4684
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
usememos/memos vulnerable to account takeover due to improper access control
High
CVE-2022-4689
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
usememos/memos Improper Access Control vulnerability
High
CVE-2022-4809
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Access Control vulnerability
High
CVE-2022-4803
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
High
CVE-2022-21953
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Privilege escalation in project role template binding (PRTB) and -promoted roles
High
CVE-2022-43759
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
Argo CD improper access control bug can allow malicious user to escalate privileges to admin level
High
CVE-2022-1025
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 13, 2022
Incorrect handling of credential expiry by /nats-io/nats-server
High
GHSA-2c64-vj8g-vwrq
was published
for
github.com/nats-io/jwt
(Go)
May 21, 2021
HashiCorp Consul Access Restriction Bypass
High
CVE-2019-8336
was published
for
github.com/hashicorp/consul
(Go)
May 13, 2022
Istio may not check inbound TCP connections against istio-policy
High
CVE-2019-12243
was published
for
istio.io/istio
(Go)
Feb 15, 2022
Access Restriction Bypass in kubernetes
High
CVE-2016-1905
was published
for
github.com/kubernetes/kubernetes
(Go)
Feb 15, 2022
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node
High
CVE-2021-27098
was published
for
github.com/spiffe/spire
(Go)
May 21, 2021
HashiCorp Consul Incorrect Access Control vulnerability
High
CVE-2019-12291
was published
for
github.com/hashicorp/consul
(Go)
Jun 9, 2023
Access Restriction Bypass in go-ipfs
High
CVE-2020-10937
was published
for
github.com/ipfs/go-ipfs
(Go)
Apr 24, 2024
Go JOSE Signature Validation Bypass
High
CVE-2016-9122
was published
for
gopkg.in/square/go-jose.v1
(Go)
May 18, 2021
Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2
High
GHSA-9r5x-fjv3-q6h4
was published
for
github.com/nats-io/jwt
(Go)
Feb 15, 2022
•
withdrawn
karmada vulnerable to arbitrary code execution via a crafted command
High
CVE-2024-33396
was published
for
github.com/karmada-io/karmada
(Go)
May 2, 2024
Rancher's Steve API Component Improper authorization check allows privilege escalation
High
CVE-2021-36776
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
High
CVE-2021-36775
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
ProTip!
Advisories are also available from the
GraphQL API