GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
17 advisories
Evmos allows unvested token delegations
Moderate · CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) · Jun 6, 2024

OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass Vulnerability
Moderate · CVE-2024-45043 was published for github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver (Go) · Aug 29, 2024

Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate · CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) · Aug 25, 2024

Arbitrary File Override in Docker Engine
Moderate · CVE-2015-3631 was published for github.com/docker/docker (Go) · Feb 15, 2022

Bytebase allows low-privilege users to view admin projects
Moderate · CVE-2022-32170 was published for github.com/bytebase/bytebase (Go) · Sep 29, 2022

Kyverno resource with a deletionTimestamp may allow policy circumvention
Moderate · CVE-2023-34091 was published for github.com/kyverno/kyverno (Go) · Jun 5, 2023

usememos/memos Improper Authorization vulnerability
Moderate · CVE-2022-4811 was published for github.com/usememos/memos (Go) · Dec 28, 2022

OpenFGA Authorization Bypass
Moderate · CVE-2022-39342 was published for github.com/openfga/openfga (Go) · Oct 25, 2022

OpenFGA Authorization Bypass via tupleset wildcard
Moderate · CVE-2022-39341 was published for github.com/openfga/openfga (Go) · Oct 25, 2022

OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
Moderate · CVE-2022-39340 was published for github.com/openfga/openfga (Go) · Oct 25, 2022

HashiCorp Vault's PKI mount vulnerable to denial of service
Moderate · CVE-2023-0665 was published for github.com/hashicorp/vault (Go) · Mar 30, 2023

Potential network policy bypass when routing IPv6 traffic
Moderate · CVE-2023-27594 was published for github.com/cilium/cilium (Go) · Mar 17, 2023

usememos/memos Improper Authorization vulnerability
Moderate · CVE-2022-4798 was published for github.com/usememos/memos (Go) · Dec 28, 2022

usememos/memos Improper Authorization vulnerability
Moderate · CVE-2022-4804 was published for github.com/usememos/memos (Go) · Dec 28, 2022

usememos/memos vulnerable to Improper Authorization
Moderate · CVE-2022-4802 was published for github.com/usememos/memos (Go) · Dec 28, 2022

Privilege escalation for users with create/update permissions in Global Roles in Rancher
Moderate · CVE-2021-36784 was published for github.com/rancher/rancher (Go) · May 2, 2022

Access Restriction Bypass in Docker
Moderate · CVE-2014-6408 was published for github.com/docker/docker (Go) · Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API.