GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,626
Erlang
29
GitHub Actions
16
Go
1,698
Maven
4,936
npm
3,466
NuGet
601
pip
2,975
Pub
10
RubyGems
826
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+
789 advisories
Filter by severity
Submariner Operator sets unnecessary RBAC permissions in helm charts
Moderate
CVE-2024-5042
was published
for
github.com/submariner-io/submariner-operator
(Go)
May 17, 2024
Denial of service of Minder Server with attacker-controlled REST endpoint
Moderate
CVE-2024-35185
was published
for
github.com/stacklok/minder
(Go)
May 16, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Moderate
CVE-2024-35183
was published
for
github.com/wolfi-dev/wolfictl
(Go)
May 15, 2024
goreleaser shows environment by default
Moderate
GHSA-f6mm-5fc7-3g3c
was published
for
github.com/goreleaser/goreleaser
(Go)
May 15, 2024
source-controller leaks Azure Storage SAS token into logs
Moderate
CVE-2024-31216
was published
for
github.com/fluxcd/source-controller
(Go)
May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs
Moderate
CVE-2024-3744
was published
for
sigs.k8s.io/azurefile-csi-driver
(Go)
May 15, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Moderate
CVE-2024-35175
was published
for
github.com/tg123/sshpiper
(Go)
May 14, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Moderate
CVE-2022-39201
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana when using email as a username can block other users from signing in
Moderate
CVE-2022-39229
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Email addresses and usernames can not be trusted
Moderate
CVE-2022-39306
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana User enumeration via forget password
Moderate
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Escalation from admin to server admin when auth proxy is used
Moderate
CVE-2022-35957
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate
CVE-2022-31130
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Plugin signature bypass
Moderate
CVE-2022-31123
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana API IDOR
Moderate
CVE-2022-21713
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana proxy Cross-site Scripting
Moderate
CVE-2022-21702
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana directory traversal for .cvs files
Moderate
CVE-2021-43815
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
1Panel arbitrary file write vulnerability
Moderate
CVE-2024-34352
was published
for
github.com/1Panel-dev/1Panel
(Go)
May 9, 2024
Vitess vulnerable to infinite memory consumption and vtgate crash
Moderate
CVE-2024-32886
was published
for
github.com/vitessio/vitess
(Go)
May 8, 2024
tiagorlampert CHAOS vulnerable to arbitrary code execution
Moderate
CVE-2024-33434
was published
for
github.com/tiagorlampert/CHAOS
(Go)
May 7, 2024
btcd susceptible to consensus failures
Moderate
CVE-2024-34478
was published
for
github.com/btcsuite/btcd
(Go)
May 5, 2024
Pterodactyl Wings vulnerable to Server-Side Request Forgery during remote file pull
Moderate
CVE-2024-34068
was published
for
github.com/pterodactyl/wings
(Go)
May 3, 2024
piraeus-operator allows attacker to impersonate service account
Moderate
CVE-2024-33398
was published
for
github.com/piraeusdatastore/piraeus-operator/v2
(Go)
May 3, 2024
karmada vulnerable to arbitrary code execution via a crafted command
Moderate
CVE-2024-33396
was published
for
github.com/karmada-io/karmada
(Go)
May 2, 2024
kubevirt allows a local attacker to execute arbitrary code via a crafted command
Moderate
CVE-2024-33394
was published
for
kubevirt.io/kubevirt
(Go)
May 2, 2024
ProTip!
Advisories are also available from the
GraphQL API