Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,653
Erlang
29
GitHub Actions
16
Go
1,706
Maven
4,938
npm
3,471
NuGet
603
pip
2,985
Pub
10
RubyGems
826
Rust
772
Swift
34
Unreviewed advisories
All unreviewed
5,000+

794 advisories

Dapr API Token Exposure Moderate
CVE-2024-35223 was published for github.com/dapr/dapr (Go) May 22, 2024
elena-kolevska artursouza
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability Moderate
GHSA-qjcv-rx3v-7mvj was published for github.com/cosmos/ibc-go (Go) May 20, 2024
Stacklok Minder vulnerable to denial of service from maliciously crafted templates Moderate
CVE-2024-35194 was published for github.com/stacklok/minder (Go) May 20, 2024
AdamKorcz DavidKorczynski
Trivy possibly leaks registry credential when scanning images from malicious registries Moderate
CVE-2024-35192 was published for github.com/aquasecurity/trivy (Go) May 20, 2024
lyoung-confluent
Submariner Operator sets unnecessary RBAC permissions in helm charts Moderate
CVE-2024-5042 was published for github.com/submariner-io/submariner-operator (Go) May 17, 2024
Denial of service of Minder Server with attacker-controlled REST endpoint Moderate
CVE-2024-35185 was published for github.com/stacklok/minder (Go) May 16, 2024
AdamKorcz DavidKorczynski
wolfictl leaks GitHub tokens to remote non-GitHub git servers Moderate
CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go) May 15, 2024
luhring
goreleaser shows environment by default Moderate
GHSA-f6mm-5fc7-3g3c was published for github.com/goreleaser/goreleaser (Go) May 15, 2024
xrstf xmudrii
caarlos0
source-controller leaks Azure Storage SAS token into logs Moderate
CVE-2024-31216 was published for github.com/fluxcd/source-controller (Go) May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs Moderate
CVE-2024-3744 was published for sigs.k8s.io/azurefile-csi-driver (Go) May 15, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address Moderate
CVE-2024-35175 was published for github.com/tg123/sshpiper (Go) May 14, 2024
pgibson1-godaddy mtrop-godaddy
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins Moderate
CVE-2022-39201 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana when using email as a username can block other users from signing in Moderate
CVE-2022-39229 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Email addresses and usernames can not be trusted Moderate
CVE-2022-39306 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana User enumeration via forget password Moderate
CVE-2022-39307 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Spoofing originalUrl of snapshots Moderate
CVE-2022-39324 was published for github.com/grafana/grafana (Go) May 14, 2024
r3kumar
Grafana Escalation from admin to server admin when auth proxy is used Moderate
CVE-2022-35957 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins Moderate
CVE-2022-31130 was published for github.com/grafana/grafana (Go) May 14, 2024
joaxcar
Grafana Plugin signature bypass Moderate
CVE-2022-31123 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana API IDOR Moderate
CVE-2022-21713 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana proxy Cross-site Scripting Moderate
CVE-2022-21702 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana directory traversal for .cvs files Moderate
CVE-2021-43815 was published for github.com/grafana/grafana (Go) May 14, 2024
1Panel arbitrary file write vulnerability Moderate
CVE-2024-34352 was published for github.com/1Panel-dev/1Panel (Go) May 9, 2024
an5er
Vitess vulnerable to infinite memory consumption and vtgate crash Moderate
CVE-2024-32886 was published for github.com/vitessio/vitess (Go) May 8, 2024
dbussink mattrobenolt
vmg
tiagorlampert CHAOS vulnerable to arbitrary code execution Moderate
CVE-2024-33434 was published for github.com/tiagorlampert/CHAOS (Go) May 7, 2024
ProTip! Advisories are also available from the GraphQL API