GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
753 advisories
Filter by severity
OpenShift Must Gather Operator Improper Input Validation vulnerability
High
CVE-2024-25131
was published
for
github.com/openshift/must-gather
(Go)
Dec 19, 2024
WhoDB Allows Unbounded Memory Consumption in Authentication Middleware Can Lead to Denial of Service
High
GHSA-5pf6-cq2v-23ww
was published
for
github.com/clidey/whodb/core
(Go)
Dec 19, 2024
Non-linear parsing of case-insensitive content in golang.org/x/net/html
High
CVE-2024-45338
was published
for
golang.org/x/net
(Go)
Dec 18, 2024
Open Cluster Management vulnerable to Trust Boundary Violation
High
CVE-2024-9779
was published
for
open-cluster-management.io/ocm
(Go)
Dec 18, 2024
ASA-2024-0012, ASA-2024-0013: CosmosSDK: Transaction decoding may result in a stack overflow or resource exhaustion
High
GHSA-8wcc-m6j2-qxvm
was published
for
github.com/cosmos/cosmos-sdk
(Go)
Dec 16, 2024
MinIO vulnerable to privilege escalation in IAM import API
High
CVE-2024-55949
was published
for
github.com/minio/minio
(Go)
Dec 16, 2024
Potential Vulnerabilities Due to Outdated golang.org/x/crypto Dependency in NanoProxy
High
GHSA-7prj-hgx4-2xc3
was published
for
github.com/ryanbekhen/nanoproxy
(Go)
Dec 12, 2024
SiYuan has an arbitrary file read via /api/template/render
High
CVE-2024-55657
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources
High
CVE-2024-55658
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an arbitrary file write in the host via /api/asset/upload
High
CVE-2024-55659
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3)
High
CVE-2024-54131
was published
for
github.com/kolide/launcher
(Go)
Dec 3, 2024
Moby Race Condition vulnerability
High
CVE-2024-36623
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
Moby Race Condition vulnerability
High
CVE-2024-36621
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws
High
GHSA-7f6p-phw2-8253
was published
for
github.com/taurusgroup/multi-party-sig
(Go)
Nov 25, 2024
Kubernetes kubelet arbitrary command execution
High
CVE-2024-10220
was published
for
k8s.io/kubernetes
(Go)
Nov 22, 2024
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
High
GHSA-7225-m954-23v7
was published
for
cosmossdk.io/math
(Go)
Nov 20, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources
High
CVE-2024-52280
was published
for
github.com/rancher/steve
(Go)
Nov 20, 2024
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
High
CVE-2024-0793
was published
for
k8s.io/kubernetes
(Go)
Nov 17, 2024
Unpatched Remote Code Execution in Gogs
High
CVE-2024-44625
was published
for
gogs.io/gogs
(Go)
Nov 15, 2024
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
High
CVE-2024-52308
was published
for
github.com/cli/cli
(Go)
Nov 14, 2024
Harbor fails to validate the user permissions when updating p2p preheat policies
High
CVE-2022-31668
was published
for
github.com/goharbor/harbor
(Go)
Nov 14, 2024
Zoraxy has an authenticated command injection in the Web SSH feature
High
CVE-2024-52010
was published
for
github.com/tobychui/zoraxy
(Go)
Nov 12, 2024
Git credentials are exposed in Atlantis logs
High
CVE-2024-52009
was published
for
github.com/runatlantis/atlantis
(Go)
Nov 8, 2024
Devtron has SQL Injection in CreateUser API
High
CVE-2024-45794
was published
for
github.com/devtron-labs/devtron
(Go)
Nov 7, 2024
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data
High
GHSA-p7mv-53f2-4cwj
was published
for
github.com/cometbft/cometbft
(Go)
Nov 6, 2024
ProTip!
Advisories are also available from the
GraphQL API