GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,002
Maven
5,000+
npm
3,713
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
850
Swift
36
Unreviewed advisories
All unreviewed
5,000+
217 advisories
Filter by severity
LocalAI Command Injection in audioToWav
Critical
CVE-2024-2029
was published
for
github.com/go-skynet/LocalAI
(Go)
Apr 10, 2024
ibc-go: Potential Reentrancy using Timeout Callbacks in ibc-hooks
Critical
GHSA-j496-crgh-34mx
was published
for
github.com/cosmos/ibc-go
(Go)
Apr 5, 2024
Cross-site scripting on application summary component
Critical
CVE-2024-28175
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 15, 2024
Pterodactyl Wings vulnerable to improper isolation of server file access
Critical
CVE-2024-27102
was published
for
github.com/pterodactyl/wings
(Go)
Mar 15, 2024
Authorization Bypass Through User-Controlled Key in go-zero
Critical
CVE-2024-27302
was published
for
github.com/zeromicro/go-zero
(Go)
Mar 4, 2024
Transparent TLS may not be applied to Marbles with certain manifest configurations
Critical
GHSA-x5r5-2qrx-rqj8
was published
for
github.com/edgelesssys/marblerun
(Go)
Feb 27, 2024
Fiber has Insecure CORS Configuration, Allowing Wildcard Origin with Credentials
Critical
CVE-2024-25124
was published
for
github.com/gofiber/fiber/v2
(Go)
Feb 22, 2024
BuildKit vulnerable to possible host system access from mount stub cleaner
Critical
CVE-2024-23652
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
Buildkit's interactive containers API does not validate entitlements check
Critical
CVE-2024-23653
was published
for
github.com/moby/buildkit
(Go)
Jan 31, 2024
HashiCorp Vault Improper Privilege Management
Critical
CVE-2020-10661
was published
for
github.com/hashicorp/vault
(Go)
Jan 30, 2024
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Critical
CVE-2024-23827
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 29, 2024
Django Template Engine Vulnerable to XSS
Critical
CVE-2024-22199
was published
for
github.com/gofiber/template/django/v3
(Go)
Jan 11, 2024
Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Critical
CVE-2023-49569
was published
for
github.com/go-git/go-git/v4
(Go)
Jan 10, 2024
snapd Race Condition vulnerability
Critical
CVE-2022-3328
was published
for
github.com/snapcore/snapd
(Go)
Jan 8, 2024
Withdrawn Advisory: Teleport Access List owners can escalate their privileges
Critical
GHSA-76cc-p55w-63g3
was published
for
github.com/gravitational/teleport
(Go)
Jan 3, 2024
•
withdrawn
Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users
Critical
GHSA-hw4x-mcx5-9q36
was published
for
github.com/gravitational/teleport
(Go)
Jan 3, 2024
•
withdrawn
Improper Privilege Management in github.com/sap/cloud-security-client-go
Critical
CVE-2023-50424
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 13, 2023
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Critical
GHSA-92cg-ghq6-9587
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
•
withdrawn
Capsule Proxy Authentication bypass using an empty token
Critical
CVE-2023-48312
was published
for
github.com/clastix/capsule-proxy
(Go)
Nov 24, 2023
SQL injection vulnerability in Meshery
Critical
CVE-2023-46575
was published
for
github.com/layer5io/meshery
(Go)
Nov 24, 2023
Plonk verifier KZG multi point verification
Critical
GHSA-7p92-x423-vwj6
was published
for
github.com/consensys/gnark
(Go)
Oct 17, 2023
CSRF Token Reuse Vulnerability
Critical
CVE-2023-45128
was published
for
github.com/gofiber/fiber/v2
(Go)
Oct 17, 2023
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Critical
CVE-2023-32188
was published
for
github.com/neuvector/neuvector
(Go)
Oct 6, 2023
Consensys gnark-crypto allows Signature Malleability
Critical
CVE-2023-44273
was published
for
github.com/Consensys/gnark-crypto
(Go)
Sep 28, 2023
sing-box vulnerable to improper authentication in the SOCKS inbound
Critical
CVE-2023-43644
was published
for
github.com/sagernet/sing
(Go)
Sep 26, 2023
ProTip!
Advisories are also available from the
GraphQL API