GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,945
Erlang
29
GitHub Actions
16
Go
1,731
Maven
4,961
npm
3,493
NuGet
607
pip
3,059
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+
627 advisories
Filter by severity
go-grpc-compression has a zstd decompression bombing vulnerability
High
GHSA-87m9-rv8p-rgmg
was published
for
github.com/mostynb/go-grpc-compression
(Go)
Jun 10, 2024
Contract balance not updating correctly after interchain transaction
High
CVE-2024-37153
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC
High
CVE-2024-36129
was published
for
go.opentelemetry.io/collector/config/configgrpc
(Go)
Jun 5, 2024
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
apko Exposure of HTTP basic auth credentials in log output
High
CVE-2024-36127
was published
for
chainguard.dev/apko
(Go)
Jun 4, 2024
Stakater Forecastle has a directory traversal vulnerability
High
CVE-2023-40297
was published
for
github.com/stakater/Forecastle
(Go)
May 15, 2024
Grafana folders admin only permission privilege escalation
High
CVE-2022-36062
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana account takeover via OAuth vulnerability
High
CVE-2022-31107
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Stored Cross-site Scripting in Unified Alerting
High
CVE-2022-31097
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
dotmesh arbitrary file read and/or write
High
CVE-2020-26312
was published
for
github.com/dotmesh-io/dotmesh
(Go)
May 14, 2024
github.com/containers/image allows unexpected authenticated registry accesses
High
CVE-2024-3727
was published
for
github.com/containers/image
(Go)
May 14, 2024
Previous ATX is not checked to be the newest valid ATX by Smesher when validating incoming ATX
High
CVE-2024-34360
was published
for
github.com/spacemeshos/api
(Go)
May 10, 2024
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
High
CVE-2024-34084
was published
for
github.com/stacklok/minder
(Go)
May 7, 2024
go-ethereum vulnerable to DoS via malicious p2p message
High
CVE-2024-32972
was published
for
github.com/ethereum/go-ethereum
(Go)
May 6, 2024
Pterodactyl Wings vulnerable to Arbitrary File Write/Read
High
CVE-2024-34066
was published
for
github.com/pterodactyl/wings
(Go)
May 3, 2024
CRI-O vulnerable to an arbitrary systemd property injection
High
CVE-2024-3154
was published
for
github.com/cri-o/cri-o
(Go)
Apr 30, 2024
Withdrawn: Runc allows an arbitrary systemd property to be injected
High
GHSA-c5pj-mqfh-rvc3
was published
for
github.com/opencontainers/runc
(Go)
Apr 26, 2024
•
withdrawn
Cluster Monitoring Operator contains a credentials leak
High
CVE-2024-1139
was published
for
github.com/openshift/cluster-monitoring-operator
(Go)
Apr 25, 2024
Heketi Arbitrary Code Execution
High
CVE-2017-15103
was published
for
github.com/heketi/heketi
(Go)
Apr 24, 2024
Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources
High
CVE-2021-25318
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher Privilege escalation vulnerability via malicious "Connection" header
High
CVE-2021-31999
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher's Steve API Component Improper authorization check allows privilege escalation
High
CVE-2021-36776
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Rancher's Failure to delete orphaned role bindings does not revoke project level access from group based authentication
High
CVE-2021-36775
was published
for
github.com/rancher/rancher
(Go)
Apr 24, 2024
Buffer Overflow in gitea
High
CVE-2021-3382
was published
for
github.com/go-gitea/gitea
(Go)
Apr 24, 2024
Access Restriction Bypass in go-ipfs
High
CVE-2020-10937
was published
for
github.com/ipfs/go-ipfs
(Go)
Apr 24, 2024
ProTip!
Advisories are also available from the
GraphQL API