GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
88 advisories
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
[High] GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) on Sep 23, 2022

Improper Input Validation in libseccomp-golang
[High] CVE-2017-18367 was published for github.com/seccomp/libseccomp-golang (Go) on May 18, 2021

Improper Access Control in Lightning Network Daemon
[High] CVE-2019-12999 was published for github.com/lightningnetwork/lnd (Go) on May 18, 2021

Unchecked hostname resolution could allow access to local network resources by users outside the local network
[Moderate] GHSA-6rg3-8h8x-5xfv was published for github.com/pterodactyl/wings (Go) on Jun 23, 2021

usememos/memos vulnerable to improper access control
[Moderate] CVE-2022-4685 was published for github.com/usememos/memos (Go) on Dec 23, 2022

Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
[High] CVE-2022-24730 was published for github.com/argoproj/argo-cd (Go) on Mar 24, 2022

GitOps Run allows for Kubernetes workload injection
[High] CVE-2022-23508 was published for github.com/weaveworks/weave-gitops (Go) on Jan 9, 2023

Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
[Moderate] CVE-2021-22565 was published for github.com/google/exposure-notifications-verification-server (Go) on Nov 10, 2021

CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
[High] CVE-2022-2995 was published for github.com/cri-o/cri-o (Go) on Sep 20, 2022

usememos/memos Improper Access Control vulnerability
[High] CVE-2022-4684 was published for github.com/usememos/memos (Go) on Dec 23, 2022

usememos/memos vulnerable to account takeover due to improper access control
[High] CVE-2022-4689 was published for github.com/usememos/memos (Go) on Dec 23, 2022

usememos/memos Improper Access Control vulnerability
[Moderate] CVE-2022-4810 was published for github.com/usememos/memos (Go) on Dec 28, 2022

usememos/memos Improper Access Control vulnerability
[High] CVE-2022-4809 was published for github.com/usememos/memos (Go) on Dec 28, 2022

usememos/memos Improper Access Control vulnerability
[Moderate] CVE-2022-4806 was published for github.com/usememos/memos (Go) on Dec 28, 2022

usememos/memos Improper Access Control vulnerability
[Moderate] CVE-2022-4814 was published for github.com/usememos/memos (Go) on Dec 28, 2022

usememos/memos Improper Access Control vulnerability
[Moderate] CVE-2022-4807 was published for github.com/usememos/memos (Go) on Dec 28, 2022

usememos/memos Improper Access Control vulnerability
[High] CVE-2022-4803 was published for github.com/usememos/memos (Go) on Dec 28, 2022

Limited ability to spoof SAML authentication with missing audience verification in Fleet
[Moderate] CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) on Feb 7, 2022

Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
[High] CVE-2022-21953 was published for github.com/rancher/rancher (Go) on Jan 25, 2023

Privilege escalation in project role template binding (PRTB) and -promoted roles
[High] CVE-2022-43759 was published for github.com/rancher/rancher (Go) on Jan 25, 2023

Answer contains Improper Access Control vulnerability
[Critical] CVE-2023-0744 was published for github.com/answerdev/answer (Go) on Feb 8, 2023

Improper Access Control in github.com/treeverse/lakefs
[Moderate] GHSA-m836-gxwq-j2pm was published for github.com/treeverse/lakefs (Go) on Oct 28, 2021

Grafana has Broken Access Control in Alert manager: Viewer can send test alerts
[Moderate] CVE-2023-2183 was published for github.com/grafana/grafana (Go) on Jun 12, 2023

Argo CD improper access control bug can allow malicious user to escalate privileges to admin level
[High] CVE-2022-1025 was published for github.com/argoproj/argo-cd (Go) on Jul 13, 2022

Access Restriction Bypass in kube-apiserver
[Moderate] CVE-2021-25735 was published for k8s.io/kubernetes (Go) on May 28, 2021