GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
913 advisories
Filter by severity
Infinite loop in github.com/gomarkdown/markdown
Moderate
CVE-2024-44337
was published
for
github.com/gomarkdown/markdown
(Go)
Oct 15, 2024
Harbor fails to validate the user permissions when updating a robot account
Moderate
CVE-2022-31667
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Harbor fails to validate the user permissions when updating tag immutability policies
Moderate
CVE-2022-31669
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs
Moderate
CVE-2022-31671
was published
for
github.com/goharbor/harbor
(Go)
Sep 9, 2022
Buildah allows arbitrary directory mount
Moderate
CVE-2024-9675
was published
for
github.com/containers/buildah
(Go)
Oct 9, 2024
Improper Input Validation in Buildah and Podman
Moderate
CVE-2024-9407
was published
for
github.com/containers/buildah
(Go)
Oct 1, 2024
Link Following in github.com/containers/common
Moderate
CVE-2024-9341
was published
for
github.com/containers/common
(Go)
Oct 1, 2024
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Moderate
CVE-2024-9594
was published
for
github.com/kubernetes-sigs/image-builder
(Go)
Oct 15, 2024
Hashicorp Consul Improper Neutralization of HTTP Headers for Scripting Syntax vulnerability
Moderate
CVE-2024-10006
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Hashicorp Nomad Incorrect Authorization vulnerability
Moderate
CVE-2024-10975
was published
for
github.com/hashicorp/nomad
(Go)
Nov 7, 2024
Kanister vulnerable to cluster-level privilege escalation
Moderate
CVE-2024-43403
was published
for
github.com/kanisterio/kanister
(Go)
Aug 20, 2024
Golang protojson.Unmarshal function infinite loop when unmarshaling certain forms of invalid JSON
Moderate
CVE-2024-24786
was published
for
google.golang.org/protobuf
(Go)
Mar 6, 2024
Cross-site Scripting in github.com/greenpau/caddy-security
Moderate
CVE-2024-21496
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 17, 2024
Safearchive Path Traversal vulnerability
Moderate
CVE-2024-10389
was published
for
github.com/google/safearchive
(Go)
Nov 4, 2024
Hashicorp Consul Cross-site Scripting vulnerability
Moderate
CVE-2024-10086
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Mattermost Server vulnerable to application crash from attacker-generated large response
Moderate
CVE-2024-47401
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Mattermost Server Path Traversal vulnerability that leads to Cross-Site Request Forgery
Moderate
CVE-2024-46872
was published
for
github.com/mattermost/mattermost/server/v8
(Go)
Oct 29, 2024
Gnark out-of-memory during deserialization with crafted inputs
Moderate
CVE-2024-50354
was published
for
github.com/consensys/gnark
(Go)
Oct 31, 2024
KubeSphere IDOR vulnerability
Moderate
CVE-2024-46528
was published
for
github.com/kubesphere/kubesphere
(Go)
Oct 14, 2024
Cilium's CIDR deny policies may not take effect when a more narrow CIDR allow is present
Moderate
CVE-2024-47825
was published
for
github.com/cilium/cilium
(Go)
Oct 21, 2024
Apache Solr Operator liveness and readiness probes may leak basic auth credentials
Moderate
CVE-2024-31391
was published
for
github.com/apache/solr-operator
(Go)
Apr 12, 2024
github.com/gitpod-io/gitpod vulnerable to Cookie Tossing
Moderate
CVE-2024-21583
was published
for
github.com/gitpod-io/gitpod
(Go)
Jul 19, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window
Moderate
CVE-2024-45244
was published
for
github.com/hyperledger/fabric
(Go)
Aug 25, 2024
NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Moderate
CVE-2024-0133
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Oct 29, 2024
Duplicate Advisory: NVIDIA Container Toolkit allows specially crafted container image to create empty files on the host file system
Moderate
GHSA-g4pj-mx9f-m2mh
was published
for
github.com/NVIDIA/nvidia-container-toolkit
(Go)
Sep 26, 2024
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API