GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
740 advisories
Filter by severity
Local Privilege Escalation in cloudflared
High
CVE-2020-24356
was published
for
github.com/cloudflare/cloudflared
(Go)
May 24, 2021
Insecure permissions on build temporary rootfs in Singularity
High
CVE-2020-25040
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2021
github.com/nats-io/nats-server Import token permissions checking not enforced
High
GHSA-j756-f273-xhp4
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
Nil dereference in NATS JWT causing DoS of nats-server
High
GHSA-hmm9-r2m2-qg9w
was published
for
github.com/nats-io/jwt
(Go)
May 21, 2021
Incorrect handling of credential expiry by /nats-io/nats-server
High
GHSA-2c64-vj8g-vwrq
was published
for
github.com/nats-io/jwt
(Go)
May 21, 2021
Privilege escalation in rbac
High
CVE-2021-22538
was published
for
github.com/google/exposure-notifications-verification-server
(Go)
May 21, 2021
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node
High
CVE-2021-27098
was published
for
github.com/spiffe/spire
(Go)
May 21, 2021
Insufficient Session Expiration in Kiali
High
CVE-2020-1762
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
Path traversal in u-root
High
CVE-2020-7665
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
Authorization bypass in github.com/dgrijalva/jwt-go
High
CVE-2020-26160
was published
for
github.com/dgrijalva/jwt-go
(Go)
May 18, 2021
Integer overflow in github.com/gorilla/websocket
High
CVE-2020-27813
was published
for
github.com/gorilla/websocket
(Go)
May 18, 2021
github.com/tidwall/gjson is vulnerable to Denial of service
High
CVE-2020-36066
was published
for
github.com/tidwall/gjson
(Go)
May 18, 2021
github.com/unknwon/cae Path Traversal vulnerability
High
CVE-2020-7668
was published
for
github.com/unknwon/cae
(Go)
May 18, 2021
Path Traversal in github.com/unknwon/cae/zip
High
CVE-2020-7664
was published
for
github.com/unknwon/cae
(Go)
May 18, 2021
Go JOSE Signature Validation Bypass
High
CVE-2016-9122
was published
for
gopkg.in/square/go-jose.v1
(Go)
May 18, 2021
Go Ethereum Improper Input Validation
High
CVE-2018-16733
was published
for
github.com/ethereum/go-ethereum
(Go)
May 18, 2021
miekg/dns parsing error leads to nil pointer dereference and DoS
High
CVE-2018-17419
was published
for
github.com/miekg/dns
(Go)
May 18, 2021
Improper Authorization in github.com/containers/libpod
High
CVE-2021-20188
was published
for
github.com/containers/libpod
(Go)
May 18, 2021
Path Traversal in Buildah
High
CVE-2020-10696
was published
for
github.com/containers/buildah
(Go)
May 18, 2021
Predictable SIF UUID Identifiers in github.com/sylabs/sif
High
CVE-2021-29499
was published
for
github.com/sylabs/sif
(Go)
May 18, 2021
Hard coded cryptographic key in Kiali
High
CVE-2020-1764
was published
for
github.com/kiali/kiali
(Go)
May 18, 2021
github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2020-7669
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor
High
CVE-2019-19025
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
SQL Injection in Cloud Native Computing Foundation Harbor
High
CVE-2019-19029
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
Infinite Loop in jsonparser
High
CVE-2020-10675
was published
for
github.com/buger/jsonparser
(Go)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API