GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
18 advisories
quic-go affected by an ICMP Packet Too Large Injection Attack on Linux
Moderate · CVE-2024-53259 was published for github.com/quic-go/quic-go (Go) · Dec 2, 2024

HTTP client can manipulate custom HTTP headers that are added by Traefik
Critical · CVE-2024-45410 was published for github.com/traefik/traefik (Go) · Sep 19, 2024

In regclient, pinned manifest digests may be ignored
Moderate · GHSA-qv35-3gw6-8q4j was published for github.com/regclient/regclient (Go) · Aug 5, 2024

sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address
Moderate · CVE-2024-35175 was published for github.com/tg123/sshpiper (Go) · May 14, 2024

Classic builder cache poisoning
Moderate · CVE-2024-24557 was published for github.com/docker/docker (Go) · Feb 1, 2024

Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin
Moderate · CVE-2023-48795 was published for golang.org/x/crypto (Go) · Dec 18, 2023

Always incorrect control flow in github.com/mojocn/base64Captcha
Moderate · CVE-2023-45292 was published for github.com/mojocn/base64Captcha (Go) · Dec 12, 2023

Attacker can cause Kyverno user to unintentionally consume insecure image
High · CVE-2023-47630 was published for github.com/kyverno/kyverno (Go) · Nov 14, 2023

Arduino Create Agent Insufficient Verification of Data Authenticity vulnerability
High · CVE-2023-43800 was published for github.com/arduino/arduino-create-agent (Go) · Oct 18, 2023

Kubernetes users may update Pod labels to bypass network policy
Moderate · CVE-2023-39347 was published for github.com/cilium/cilium (Go) · Sep 26, 2023

Pipelines do not validate child UIDs
Low · CVE-2023-37264 was published for github.com/tektoncd/pipeline (Go) · Jul 7, 2023

go-resolver's DNSSEC validation not performed correctly
High · CVE-2022-3347 was published for github.com/peterzen/goresolver (Go) · Dec 28, 2022

go-resolver vulnerable to attacker-controlled domains due to unvalidated RRSIG RRs
High · CVE-2022-3346 was published for github.com/peterzen/goresolver (Go) · Dec 28, 2022

Lack of proper validation of server UUID can be used by the server to trick the client to accept invalid proofs
Moderate · CVE-2022-39199 was published for github.com/codenotary/immudb (Go) · Nov 21, 2022

Insufficient Verification of Proofs generated by the immudb server in client SDK.
Moderate · CVE-2022-36111 was published for github.com/codenotary/immudb (Go) · Nov 21, 2022

Improperly Implemented path matching for in-toto-golang
Moderate · CVE-2021-41087 was published for github.com/in-toto/in-toto-golang (Go) · Sep 22, 2021

Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault
High · CVE-2020-16250 was published for github.com/hashicorp/vault (Go) · Aug 2, 2021

Token reuse in Ory fosite
High · CVE-2020-15222 was published for github.com/ory/fosite (Go) · May 24, 2021