GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,096
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,654
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+
700 advisories
Filter by severity
PAM module may allow accessing with the credentials of another user
High
CVE-2024-9313
was published
for
github.com/ubuntu/authd
(Go)
Oct 3, 2024
github.com/containers/image allows unexpected authenticated registry accesses
High
CVE-2024-3727
was published
for
github.com/containers/image
(Go)
May 14, 2024
Pomerium service account access token may grant unintended access to databroker API
High
CVE-2024-47616
was published
for
github.com/pomerium/pomerium
(Go)
Oct 2, 2024
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability
High
CVE-2024-9355
was published
for
github.com/golang-fips/openssl/v2
(Go)
Oct 1, 2024
Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability
High
GHSA-85qf-6845-m8p2
was published
for
github.com/juju/juju
(Go)
Oct 2, 2024
•
withdrawn
Duplicate Advisory: Juju makes Use of Weak Credentials
High
GHSA-phh4-3hmm-24rx
was published
for
github.com/juju/juju
(Go)
Oct 2, 2024
•
withdrawn
Code injection in ansible semaphore
High
CVE-2023-39059
was published
for
github.com/ansible-semaphore/semaphore
(Go)
Aug 29, 2023
Portainer improperly uses an encryption algorithm in the AesEncrypt function
High
CVE-2024-33662
was published
for
github.com/portainer/portainer
(Go)
Oct 2, 2024
Incorrect delegation lookups can make go-tuf download the wrong artifact
High
CVE-2024-47534
was published
for
github.com/theupdateframework/go-tuf/v2
(Go)
Oct 1, 2024
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
High
CVE-2023-5077
was published
for
github.com/hashicorp/vault
(Go)
Sep 29, 2023
Memory leaks in code encrypting and verifying RSA payloads
High
CVE-2024-1394
was published
for
github.com/golang-fips/go
(Go)
Mar 20, 2024
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default
High
CVE-2024-7594
was published
for
github.com/hashicorp/vault
(Go)
Sep 26, 2024
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers
High
CVE-2023-3518
was published
for
github.com/hashicorp/consul
(Go)
Aug 9, 2023
Hashicorp Consul allows user with service:write permissions to patch remote proxy instances
High
CVE-2023-2816
was published
for
github.com/hashicorp/consul
(Go)
Jun 3, 2023
Rancher agents can be hijacked by taking over the Rancher Server URL
High
CVE-2024-22030
was published
for
github.com/rancher/rancher
(Go)
Sep 26, 2024
HashiCorp Nomad vulnerable to symlink attacks
High
CVE-2024-1329
was published
for
github.com/hashicorp/nomad
(Go)
Feb 8, 2024
CoreDNS vulnerable to TuDoor Attacks
High
CVE-2023-28452
was published
for
github.com/coredns/coredns
(Go)
Sep 18, 2024
ZITADEL's Service Users Deactivation not Working
High
CVE-2024-47000
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
ZITADEL's User Grant Deactivation not Working
High
CVE-2024-46999
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High
CVE-2024-45388
was published
for
github.com/spectolabs/hoverfly
(Go)
Sep 3, 2024
External Secrets Operator vulnerable to privilege escalation
High
CVE-2024-45041
was published
for
github.com/external-secrets/external-secrets
(Go)
Sep 9, 2024
Podman publishes a malicious image to public registries
High
CVE-2022-1227
was published
for
github.com/containers/podman/v3
(Go)
Apr 30, 2022
HashiCorp Vault Authentication bypass
High
CVE-2020-16251
was published
for
github.com/hashicorp/vault
(Go)
Jan 31, 2024
req may send an unintended request when a malformed URL is provided
High
CVE-2024-45258
was published
for
github.com/imroc/req
(Go)
Aug 26, 2024
Podman Elevated Container Privileges
High
CVE-2018-10856
was published
for
github.com/containers/podman
(Go)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API