GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,932 advisories
MD5 hash support in github.com/foxcpp/maddy
Low severity. GHSA-qh54-9vc5-m9fg was published for github.com/foxcpp/maddy (Go) on Oct 12, 2021.

S3 storage write is not aborted on errors leading to unbounded memory usage
High severity. GHSA-m6m5-pp4g-fcc8 was published for github.com/foxcpp/maddy (Go) on Oct 6, 2021.

Authentication bypass for viewing and deletions of snapshots
High severity. CVE-2021-39226 was published for github.com/grafana/grafana (Go) on Oct 5, 2021.

Insufficiently restricted permissions on plugin directories
Moderate severity. CVE-2021-41103 was published for github.com/containerd/containerd (Go) on Oct 4, 2021.

Cross-site Scripting in Gitea
Moderate severity. CVE-2021-28378 was published for code.gitea.io/gitea (Go) on Sep 27, 2021.

Elvish vulnerable to remote code execution via the web UI backend
High severity. CVE-2021-41088 was published for github.com/elves/elvish (Go) on Sep 23, 2021.

Cross-site Scripting in Mattermost
Moderate severity. CVE-2021-37860 was published for github.com/mattermost/mattermost-server/v5 (Go) on Sep 23, 2021.

Improperly Implemented path matching for in-toto-golang
Moderate severity. CVE-2021-41087 was published for github.com/in-toto/in-toto-golang (Go) on Sep 22, 2021.

Confused Deputy in Kubernetes
Low severity. CVE-2021-25740 was published for k8s.io/kubernetes (Go) on Sep 21, 2021.

Confused Deputy in Kubernetes
Moderate severity. CVE-2020-8561 was published for k8s.io/kubernetes (Go) on Sep 21, 2021.

Cross-site Scripting in Beego
Moderate severity. CVE-2021-39391 was published for github.com/beego/beego/v2 (Go) on Sep 15, 2021.

Incorrect Authorization with specially crafted requests
High severity. CVE-2021-39206 was published for github.com/pomerium/pomerium (Go) on Sep 10, 2021.

Excessive CPU usage
High severity. CVE-2021-39204 was published for github.com/pomerium/pomerium (Go) on Sep 10, 2021.

Incorrect handling of H2 GOAWAY + SETTINGS frames
High severity. CVE-2021-39162 was published for github.com/pomerium/pomerium (Go) on Sep 10, 2021.

HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
Moderate severity. CVE-2021-38698 was published for github.com/hashicorp/consul (Go) on Sep 8, 2021.

HashiCorp Consul Privilege Escalation Vulnerability
High severity. CVE-2021-37219 was published for github.com/hashicorp/consul (Go) on Sep 8, 2021.

Privilege escalation in Hashicorp Nomad
High severity. CVE-2021-37218 was published for github.com/hashicorp/nomad (Go) on Sep 8, 2021.

Incomplete List of Disallowed Inputs in Kubernetes
Moderate severity. CVE-2021-25737 was published for k8s.io/kubernetes (Go) on Sep 7, 2021.

OctoRPKI lacks contextual out-of-bounds check when validating RPKI ROA maxLength values
High severity. CVE-2021-3761 was published for github.com/cloudflare/cfrpki (Go) on Sep 7, 2021.

Path traversal in Grafana Loki
Moderate severity. CVE-2021-36156 was published for github.com/grafana/loki (Go) on Sep 2, 2021.

Improper Authentication
High severity. CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) on Sep 2, 2021.

Improper Certificate Handling
Moderate severity. CVE-2020-9321 was published for github.com/traefik/traefik (Go) on Sep 2, 2021.

Path traversal in Grafana Cortex
Moderate severity. CVE-2021-36157 was published for github.com/cortexproject/cortex (Go) on Sep 2, 2021.

Improper use of cryptographic key in wal-g
High severity. CVE-2021-38599 was published for github.com/wal-g/wal-g (Go) on Sep 2, 2021.

Path traversal in ServiceCenter
High severity. CVE-2021-21501 was published for github.com/apache/servicecomb-service-center (Go) on Sep 1, 2021.
ProTip! Advisories are also available from the GraphQL API.