GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,227
Erlang
31
GitHub Actions
19
Go
1,991
Maven
5,000+
npm
3,708
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
59 advisories
Filter by severity
Unpatched Remote Code Execution in Gogs
High
CVE-2024-44625
was published
for
gogs.io/gogs
(Go)
Nov 15, 2024
Hashicorp Consul Path Traversal vulnerability
High
CVE-2024-10005
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Adguard Home arbitrary file read vulnerability
High
CVE-2024-36814
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Oct 8, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High
CVE-2024-45388
was published
for
github.com/spectolabs/hoverfly
(Go)
Sep 3, 2024
Ollama can extract members of a ZIP archive outside of the parent directory
High
CVE-2024-45436
was published
for
github.com/ollama/ollama
(Go)
Aug 29, 2024
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
High
CVE-2024-41121
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
LocalAI path traversal vulnerability
High
CVE-2024-5182
was published
for
github.com/go-skynet/LocalAI
(Go)
Jun 20, 2024
Vulnerabilities with the k8sGPT
High
GHSA-85rg-8m6h-825p
was published
for
github.com/k8sgpt-ai/k8sgpt
(Go)
Jun 13, 2024
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
Stakater Forecastle has a directory traversal vulnerability
High
CVE-2023-40297
was published
for
github.com/stakater/Forecastle
(Go)
May 15, 2024
github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2020-7666
was published
for
github.com/u-root/u-root/pkg/cpio
(Go)
Apr 24, 2024
gin-vue-admin background arbitrary code coverage vulnerability
High
CVE-2024-31457
was published
for
github.com/flipped-aurora/gin-vue-admin/server
(Go)
Apr 9, 2024
Container escape at build time
High
GHSA-pmf3-c36m-g5cf
was published
for
github.com/containers/buildah
(Go)
Mar 19, 2024
Grafana path traversal
High
CVE-2021-43798
was published
for
github.com/grafana/grafana
(Go)
Feb 1, 2024
Mattermost Injection vulnerability
High
CVE-2023-6458
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Dec 6, 2023
Artifact Hub arbitrary file read vulnerability
High
CVE-2023-45823
was published
for
github.com/artifacthub/hub
(Go)
Oct 19, 2023
Arduino Create Agent path traversal - local privilege escalation vulnerability
High
CVE-2023-43802
was published
for
github.com/arduino/arduino-create-agent
(Go)
Oct 18, 2023
1Panel O&M management panel has a background arbitrary file reading vulnerability
High
CVE-2023-39964
was published
for
github.com/1Panel-dev/1Panel
(Go)
Aug 10, 2023
Nuclei Path Traversal vulnerability
High
CVE-2023-37896
was published
for
github.com/projectdiscovery/nuclei
(Go)
Aug 4, 2023
Go-huge-util vulnerable to path traversal when unzipping files
High
CVE-2023-28105
was published
for
github.com/dablelv/go-huge-util
(Go)
Mar 16, 2023
Goutil vulnerable to path traversal when unzipping files
High
CVE-2023-27475
was published
for
github.com/gookit/goutil
(Go)
Mar 7, 2023
mrpack-install vulnerable to path traversal with dependency
High
CVE-2023-25307
was published
for
github.com/nothub/mrpack-install
(Go)
Feb 8, 2023
Unsafe tar unpacking in HashiCorp go-slug
High
CVE-2020-29529
was published
for
github.com/hashicorp/go-slug
(Go)
Feb 6, 2023
Path Traversal in gin-vue-admin
High
CVE-2022-47762
was published
for
github.com/flipped-aurora/gin-vue-admin
(Go)
Feb 3, 2023
Kraken has arbitrary file read vulnerability via component testfs
High
CVE-2022-47747
was published
for
github.com/uber/kraken
(Go)
Jan 20, 2023
ProTip!
Advisories are also available from the
GraphQL API