GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,941
Erlang: 29
GitHub Actions: 16
Go: 1,722
Maven: 4,952
npm: 3,481
NuGet: 605
pip: 3,049
Pub: 10
RubyGems: 832
Rust: 778
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
803 advisories
KubeVirt NULL pointer dereference flaw
Moderate: CVE-2024-31420 was published for kubevirt.io/kubevirt (Go) on Apr 3, 2024

Temporal UI Server cross-site scripting vulnerability
Moderate: CVE-2024-2435 was published for github.com/temporalio/ui-server/v2 (Go) on Apr 2, 2024

CA17 TeamsACS Cross Site Scripting vulnerability
Moderate: CVE-2024-22780 was published for github.com/ca17/teamsacs (Go) on Apr 2, 2024

LocalAI cross-site request forgery vulnerability
Moderate: CVE-2024-3135 was published for github.com/go-skynet/LocalAI (Go) on Apr 1, 2024

CasaOS Username Enumeration - Bypass of CVE-2024-24766
Moderate: CVE-2024-28232 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) on Apr 1, 2024

ArgoCD's repo server has Uncontrolled Resource Consumption vulnerability
Moderate: CVE-2024-29893 was published for github.com/argoproj/argo-cd/v2 (Go) on Mar 29, 2024

ZITADEL's actions can overload reserved claims
Moderate: CVE-2024-29892 was published for github.com/zitadel/zitadel (Go) on Mar 28, 2024

Duplicate Advisory: Grafana vulnerable to authorization bypass
Moderate: GHSA-mh7p-8m2f-qrm6 was published for github.com/grafana/grafana (Go) on Mar 26, 2024 (withdrawn)

Moby's external DNS requests from 'internal' networks could lead to data exfiltration
Moderate: CVE-2024-29018 was published for github.com/docker/docker (Go) on Mar 20, 2024

Unencrypted traffic between nodes when using WireGuard and L7 policies
Moderate: CVE-2024-28250 was published for github.com/cilium/cilium (Go) on Mar 18, 2024

Unencrypted traffic between nodes when using IPsec and L7 policies
Moderate: CVE-2024-28249 was published for github.com/cilium/cilium (Go) on Mar 18, 2024

Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Moderate: CVE-2024-21662 was published for github.com/argoproj/argo-cd/v2 (Go) on Mar 18, 2024

Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
Moderate: CVE-2024-21652 was published for github.com/argoproj/argo-cd/v2 (Go) on Mar 18, 2024

Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime
Moderate: CVE-2023-51699 was published for github.com/fluid-cloudnative/fluid (Go) on Mar 15, 2024

Users with `create` but not `override` privileges can perform local sync
Moderate: CVE-2023-50726 was published for github.com/argoproj/argo-cd (Go) on Mar 15, 2024

1Panel is vulnerable to command injection
Moderate: CVE-2024-2352 was published for github.com/1Panel-dev/1Panel (Go) on Mar 10, 2024

JWX vulnerable to a denial of service attack using compressed JWE message
Moderate: CVE-2024-28122 was published for github.com/lestrrat-go/jwx (Go) on Mar 8, 2024

Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Moderate: CVE-2024-28180 was published for github.com/go-jose/go-jose/v3 (Go) on Mar 7, 2024

Grafana's users with permissions to create a data source can CRUD all data sources
Moderate: CVE-2024-1442 was published for github.com/grafana/grafana (Go) on Mar 7, 2024

Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
Moderate: CVE-2024-28110 was published for github.com/cloudevents/sdk-go/v2 (Go) on Mar 6, 2024

1Panel open source panel project has an unauthorized vulnerability.
Moderate: CVE-2024-27288 was published for github.com/1Panel-dev/1Panel (Go) on Mar 6, 2024

CasaOS Username Enumeration
Moderate: CVE-2024-24766 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) on Mar 6, 2024

Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Moderate: CVE-2024-24786 was published for google.golang.org/protobuf (Go) on Mar 6, 2024

pgproto3 SQL Injection via Protocol Message Size Overflow
Moderate: GHSA-7jwh-3vrq-q3m8 was published for github.com/jackc/pgproto3 (Go) on Mar 4, 2024

pgx SQL Injection via Protocol Message Size Overflow
Moderate: CVE-2024-27304 was published for github.com/jackc/pgproto3 (Go) on Mar 4, 2024
ProTip! Advisories are also available from the GraphQL API.