Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,722 advisories

Shallow copy bug in geth Moderate
CVE-2020-26241 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
johnyangk
Erroneous Proof of Work calculation in geth Moderate
CVE-2020-26240 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
slavikus
Cross-site Scripting in Gogs Moderate
CVE-2014-8683 was published for gogs.io/gogs (Go) Jun 29, 2021
SQL Injection in Gogs High
CVE-2014-8682 was published for gogs.io/gogs (Go) Jun 29, 2021
SQL Injection in gogs.io/gogs Moderate
CVE-2014-8681 was published for github.com/gogits/gogs (Go) Jun 29, 2021
Open Redirect Moderate
CVE-2018-15178 was published for gogs.io/gogs (Go) Jun 29, 2021
Improper Privilege Management in HashiCorp Nomad High
CVE-2021-3283 was published for github.com/hashicorp/nomad (Go) Jun 24, 2021
Improper network isolation in Hashicorp Nomad Moderate
CVE-2021-32575 was published for github.com/hashicorp/nomad (Go) Jun 24, 2021
Incorrect Authorization in ORY Oathkeeper High
CVE-2021-32701 was published for github.com/ory/oathkeeper (Go) Jun 24, 2021
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3 Moderate
CVE-2021-21303 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
Plugin archive directory traversal in Helm Low
CVE-2020-4053 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
snoopysecurity
Duplicate Advisory: Helm passes repository credentials to alternate domain Moderate
GHSA-7jr6-prv4-5wf5 was published for helm.sh/helm/v3 (Go) Jun 23, 2021 withdrawn
Helm passes repository credentials to alternate domain Moderate
CVE-2021-32690 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network Moderate
GHSA-6rg3-8h8x-5xfv was published for github.com/pterodactyl/wings (Go) Jun 23, 2021
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings Moderate
CVE-2021-32699 was published for github.com/pterodactyl/wings (Go) Jun 23, 2021
Helm uses crypto package vulnerable to panic from malformed X.509 certificate High
CVE-2020-7919 was published for github.com/helm/helm (Go) Jun 23, 2021
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled High
GHSA-qvp4-rpmr-xwrr was published for github.com/ory/oathkeeper (Go) Jun 23, 2021
flusflas
Access Control Bypass Moderate
CVE-2018-20321 was published for github.com/rancher/rancher (Go) Jun 23, 2021
Inconsistent Interpretation of HTTP Requests in github.com/gin-gonic/gin High
CVE-2020-28483 was published for github.com/gin-gonic/gin (Go) Jun 23, 2021
Denial of service in GJSON High
CVE-2020-35380 was published for github.com/tidwall/gjson (Go) Jun 23, 2021
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul Moderate
CVE-2020-12797 was published for github.com/hashicorp/consul (Go) Jun 23, 2021
XML Processing error in github.com/crewjam/saml Critical
CVE-2020-27846 was published for github.com/crewjam/saml (Go) Jun 23, 2021
Auth bypass in SAML provider Critical
GHSA-433w-mm6h-rv9p was published for github.com/netlify/gotrue (Go) Jun 23, 2021
jupenur
Hugo can execute a binary from the current directory on Windows High
CVE-2020-26284 was published for github.com/gohugoio/hugo (Go) Jun 23, 2021
Ry0taK
Path traversal in github.com/ipfs/go-ipfs High
CVE-2020-26279 was published for github.com/ipfs/go-ipfs (Go) Jun 23, 2021
tintinweb
ProTip! Advisories are also available from the GraphQL API