GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,226
Erlang
31
GitHub Actions
19
Go
1,991
Maven
5,000+
npm
3,708
NuGet
661
pip
3,339
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
17 advisories
Filter by severity
Improperly Implemented path matching for in-toto-golang
Moderate
CVE-2021-41087
was published
for
github.com/in-toto/in-toto-golang
(Go)
Sep 22, 2021
Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
Moderate
CVE-2022-39199
was published
for
github.com/codenotary/immudb
(Go)
Nov 21, 2022
Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault
High
CVE-2020-16250
was published
for
github.com/hashicorp/vault
(Go)
Aug 2, 2021
Token reuse in Ory fosite
High
CVE-2020-15222
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Pipelines do not validate child UIDs
Low
CVE-2023-37264
was published
for
github.com/tektoncd/pipeline
(Go)
Jul 7, 2023
Kubernetes users may update Pod labels to bypass network policy
Moderate
CVE-2023-39347
was published
for
github.com/cilium/cilium
(Go)
Sep 26, 2023
Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability
High
CVE-2023-43800
was published
for
github.com/arduino/arduino-create-agent
(Go)
Oct 18, 2023
Attacker can cause Kyverno user to unintentionally consume insecure image
High
CVE-2023-47630
was published
for
github.com/kyverno/kyverno
(Go)
Nov 14, 2023
Always incorrect control flow in github.com/mojocn/base64Captcha
Moderate
CVE-2023-45292
was published
for
github.com/mojocn/base64Captcha
(Go)
Dec 12, 2023
go-resolver's DNSSEC validation not performed correctly
High
CVE-2022-3347
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs
High
CVE-2022-3346
was published
for
github.com/peterzen/goresolver
(Go)
Dec 28, 2022
Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate
CVE-2023-48795
was published
for
golang.org/x/crypto
(Go)
Dec 18, 2023
Insufficient Verification of Proofs generated by the immudb server in client SDK.
Moderate
CVE-2022-36111
was published
for
github.com/codenotary/immudb
(Go)
Nov 21, 2022
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Moderate
CVE-2024-35175
was published
for
github.com/tg123/sshpiper
(Go)
May 14, 2024
Classic builder cache poisoning
Moderate
CVE-2024-24557
was published
for
github.com/docker/docker
(Go)
Feb 1, 2024
In regclient, pinned manifest digests may be ignored
Moderate
GHSA-qv35-3gw6-8q4j
was published
for
github.com/regclient/regclient
(Go)
Aug 5, 2024
HTTP client can manipulate custom HTTP headers that are added by Traefik
Critical
CVE-2024-45410
was published
for
github.com/traefik/traefik
(Go)
Sep 19, 2024
ProTip!
Advisories are also available from the
GraphQL API