GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+
794 advisories
Filter by severity
Dapr API Token Exposure
Moderate
CVE-2024-35223
was published
for
github.com/dapr/dapr
(Go)
May 22, 2024
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability
Moderate
GHSA-qjcv-rx3v-7mvj
was published
for
github.com/cosmos/ibc-go
(Go)
May 20, 2024
Stacklok Minder vulnerable to denial of service from maliciously crafted templates
Moderate
CVE-2024-35194
was published
for
github.com/stacklok/minder
(Go)
May 20, 2024
Trivy possibly leaks registry credential when scanning images from malicious registries
Moderate
CVE-2024-35192
was published
for
github.com/aquasecurity/trivy
(Go)
May 20, 2024
Submariner Operator sets unnecessary RBAC permissions in helm charts
Moderate
CVE-2024-5042
was published
for
github.com/submariner-io/submariner-operator
(Go)
May 17, 2024
Denial of service of Minder Server with attacker-controlled REST endpoint
Moderate
CVE-2024-35185
was published
for
github.com/stacklok/minder
(Go)
May 16, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Moderate
CVE-2024-35183
was published
for
github.com/wolfi-dev/wolfictl
(Go)
May 15, 2024
goreleaser shows environment by default
Moderate
GHSA-f6mm-5fc7-3g3c
was published
for
github.com/goreleaser/goreleaser
(Go)
May 15, 2024
source-controller leaks Azure Storage SAS token into logs
Moderate
CVE-2024-31216
was published
for
github.com/fluxcd/source-controller
(Go)
May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs
Moderate
CVE-2024-3744
was published
for
sigs.k8s.io/azurefile-csi-driver
(Go)
May 15, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Moderate
CVE-2024-35175
was published
for
github.com/tg123/sshpiper
(Go)
May 14, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins
Moderate
CVE-2022-39201
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana when using email as a username can block other users from signing in
Moderate
CVE-2022-39229
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Email addresses and usernames can not be trusted
Moderate
CVE-2022-39306
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana User enumeration via forget password
Moderate
CVE-2022-39307
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Spoofing originalUrl of snapshots
Moderate
CVE-2022-39324
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Escalation from admin to server admin when auth proxy is used
Moderate
CVE-2022-35957
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins
Moderate
CVE-2022-31130
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana Plugin signature bypass
Moderate
CVE-2022-31123
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana API IDOR
Moderate
CVE-2022-21713
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana proxy Cross-site Scripting
Moderate
CVE-2022-21702
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Grafana directory traversal for .cvs files
Moderate
CVE-2021-43815
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
1Panel arbitrary file write vulnerability
Moderate
CVE-2024-34352
was published
for
github.com/1Panel-dev/1Panel
(Go)
May 9, 2024
Vitess vulnerable to infinite memory consumption and vtgate crash
Moderate
CVE-2024-32886
was published
for
github.com/vitessio/vitess
(Go)
May 8, 2024
tiagorlampert CHAOS vulnerable to arbitrary code execution
Moderate
CVE-2024-33434
was published
for
github.com/tiagorlampert/CHAOS
(Go)
May 7, 2024
ProTip!
Advisories are also available from the
GraphQL API