GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Dromara hutool vulnerable to SQL Injection
Critical
CVE-2023-24163
was published
for
cn.hutool:hutool-all
(Maven)
Jan 31, 2023
golang-nanoauth authentication bypass vulnerability
Critical
CVE-2020-36569
was published
for
github.com/nanobox-io/golang-nanoauth
(Go)
Dec 28, 2022
studygolang vulnerable to cross-site scripting
Moderate
CVE-2021-4272
was published
for
github.com/studygolang/studygolang
(Go)
Dec 21, 2022
Amazon CloudWatch Agent for Windows has Privilege Escalation Vector
High
CVE-2022-23511
was published
for
github.com/aws/amazon-cloudwatch-agent
(Go)
Dec 12, 2022
Harbor fails to validate the user permissions when updating a robot account
Moderate
CVE-2022-31667
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Harbor fails to validate the user permissions when viewing Webhook policies
High
CVE-2022-31666
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
KubeVirt vulnerable to arbitrary file read on host
High
GHSA-qv98-3369-g364
was published
for
kubevirt.io/kubevirt
(Go)
Sep 15, 2022
Microsoft: CBC Padding Oracle in Azure Blob Storage Encryption Library
Moderate
CVE-2022-30187
was published
for
Azure.Storage.Blobs
(Maven)
Jul 13, 2022
Jenkins Aqua Security Serverless Scanner Plugin showed plain text password in job configuration form fields
Low
CVE-2019-10397
was published
for
org.jenkins-ci.plugins:aqua-serverless
(Maven)
May 24, 2022
SQL Injection in Couchbase Sync Gateway
Critical
CVE-2019-9039
was published
for
github.com/couchbase/sync_gateway
(Go)
Feb 15, 2022
Incorrect Authorization in NATS nats-server
High
CVE-2022-24450
was published
for
github.com/nats-io/nats-server/v2
(Go)
Feb 8, 2022
Infinite certificate chain depth results in OctoRPKI running forever
Moderate
CVE-2021-3908
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Cross-site Scripting in Mattermost
Moderate
CVE-2021-37860
was published
for
github.com/mattermost/mattermost-server/v5
(Go)
Sep 23, 2021
Null pointer deference in openssl-src
High
CVE-2020-1967
was published
for
openssl-src
(Rust)
Aug 25, 2021
ProTip!
Advisories are also available from the
GraphQL API