GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+
18,824 advisories
Filter by severity
github.com/gofiber/fiber/v2 vulnerable to Origin Validation Error
Moderate
CVE-2018-20744
was published
for
github.com/gofiber/fiber/v2
(Go)
May 14, 2022
nfpm has incorrect default permissions
High
CVE-2023-32698
was published
for
github.com/goreleaser/nfpm
(Go)
May 24, 2023
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability
Moderate
GHSA-qjcv-rx3v-7mvj
was published
for
github.com/cosmos/ibc-go
(Go)
May 20, 2024
vitess allows users to create keyspaces that can deny access to already existing keyspaces
Moderate
CVE-2023-29194
was published
for
vitess.io/vitess
(Go)
Apr 11, 2023
sjqzhang go-fastdfs vulnerable to path traversal
Critical
CVE-2023-1800
was published
for
github.com/sjqzhang/go-fastdfs
(Go)
Apr 2, 2023
Podman Time-of-check Time-of-use (TOCTOU) Race Condition
Moderate
CVE-2023-0778
was published
for
github.com/containers/podman/v4
(Go)
Mar 27, 2023
google.golang.org/protobuf vulnerable to panic leading to denial of service
High
CVE-2023-24535
was published
for
google.golang.org/protobuf
(Go)
Mar 14, 2023
gosaml2 vulnerable to Denial Of Service Via Deflate Decompression Bomb
Moderate
CVE-2023-26483
was published
for
github.com/russellhaering/gosaml2
(Go)
Mar 2, 2023
nistec has Incorrect Calculation in Multiplication of unreduced P-256 scalars
High
CVE-2023-24533
was published
for
filippo.io/nistec
(Go)
Mar 1, 2023
teler-waf contains detection rule bypass via Entities payload
Moderate
CVE-2023-26047
was published
for
github.com/kitabisa/teler-waf
(Go)
Mar 1, 2023
teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload
Moderate
CVE-2023-26046
was published
for
github.com/kitabisa/teler-waf
(Go)
Mar 1, 2023
Data Amplification in HashiCorp go-getter
Moderate
CVE-2023-0475
was published
for
github.com/hashicorp/go-getter
(Go)
Feb 16, 2023
Uncontrolled Resource Consumption in golang.org/x/image
Moderate
CVE-2022-41727
was published
for
golang.org/x/image
(Go)
Feb 17, 2023
golang.org/x/net vulnerable to Uncontrolled Resource Consumption
High
CVE-2022-41723
was published
for
golang.org/x/net
(Go)
Feb 17, 2023
Open Redirect in Caddy
Moderate
CVE-2022-28923
was published
for
github.com/caddyserver/caddy/v2
(Go)
Feb 7, 2023
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing
High
GHSA-74fp-r6jw-h4mp
was published
for
k8s.io/apimachinery
(Go)
Feb 8, 2023
Paranoidhttp Server-Side Request Forgery vulnerability
High
CVE-2023-24623
was published
for
github.com/hakobe/paranoidhttp
(Go)
Jan 30, 2023
github.com/openshift/apiserver-library-go Improper Input Validation vulnerability
Moderate
CVE-2023-0229
was published
for
github.com/openshift/apiserver-library-go
(Go)
Jan 26, 2023
Denial of service via HAMT Decoding Panics
Moderate
CVE-2023-23625
was published
for
github.com/ipfs/go-unixfs
(Go)
Feb 10, 2023
golang.org/x/net/http2/h2c vulnerable to request smuggling attack
High
CVE-2022-41721
was published
for
golang.org/x/net
(Go)
Jan 14, 2023
mellium.im/sasl authentication failure due to insufficient nonce randomness
Critical
CVE-2022-48195
was published
for
mellium.im/sasl
(Go)
Dec 31, 2022
Macaron i18n Open Redirect vulnerability
Moderate
CVE-2020-36627
was published
for
github.com/go-macaron/i18n
(Go)
Dec 25, 2022
docconv OS Command Injection vulnerability
Critical
CVE-2022-4643
was published
for
code.sajari.com/docconv
(Go)
Dec 22, 2022
golang.org/x/net/http2 vulnerable to possible excessive memory growth
Moderate
CVE-2022-41717
was published
for
golang.org/x/net
(Go)
Dec 8, 2022
Buildah (as part of Podman) vulnerable to Path Traversal
Low
CVE-2022-4123
was published
for
github.com/containers/podman/v4
(Go)
Dec 8, 2022
ProTip!
Advisories are also available from the
GraphQL API