Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
33
GitHub Actions
22
Go
2,121
Maven
5,000+
npm
3,783
NuGet
683
pip
3,465
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

225 advisories

Loading
Capture-replay in Gitea Critical
CVE-2021-45327 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
tdunlap607
Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme Critical
GHSA-gp6j-vx54-5pmf was published for github.com/keep-network/keep-ecdsa (Go) Jan 6, 2022
GitLab auth uses full name instead of username as user ID, allowing impersonation Critical
CVE-2020-5415 was published for github.com/concourse/concourse (Go) Dec 20, 2021
gdetrez
Critical security issues in XML encoding in github.com/dexidp/dex Critical
CVE-2020-26290 was published for github.com/dexidp/dex (Go) Dec 20, 2021
jupenur ericchiang
justaugustus sagikazarmark
Authentication Bypass in dex Critical
CVE-2020-27847 was published for github.com/dexidp/dex (Go) Dec 20, 2021
Authorization bypass in Openshift Critical
CVE-2016-1906 was published for github.com/openshift/origin (Go) Dec 20, 2021
Authelia vulnerable to an authentication bypassed with malformed request URI on nginx Critical
CVE-2021-32637 was published for github.com/authelia/authelia/v4 (Go) Dec 20, 2021
HashiCorp Vault Incorrect Permission Assignment for Critical Resource Critical
CVE-2021-43998 was published for github.com/hashicorp/vault (Go) Dec 2, 2021
Tarslip in go-unarr Critical
CVE-2021-38197 was published for github.com/gen2brain/go-unarr (Go) Sep 1, 2021
J3rry-1729
HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 Critical
CVE-2021-38553 was published for github.com/hashicorp/vault (Go) Aug 30, 2021
avivdolev
Improper Authenication in Pion DTLS Critical
CVE-2019-20786 was published for github.com/pion/dtls (Go) Jun 29, 2021
Path Traversal in Dutchcoders transfer.sh Critical
CVE-2021-33497 was published for github.com/dutchcoders/transfer.sh (Go) Jun 29, 2021
Denial of service in go-ethereum due to CVE-2020-28362 Critical
GHSA-m6gx-rhvj-fh52 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
XML Processing error in github.com/crewjam/saml Critical
CVE-2020-27846 was published for github.com/crewjam/saml (Go) Jun 23, 2021
Auth bypass in SAML provider Critical
GHSA-433w-mm6h-rv9p was published for github.com/netlify/gotrue (Go) Jun 23, 2021
jupenur
Authentication Bypass in tyk-identity-broker Critical
CVE-2021-23365 was published for github.com/tyktechnologies/tyk-identity-broker (Go) Jun 23, 2021
Elliptic Curve Key Disclosure in go-jose Critical
CVE-2016-9121 was published for github.com/square/go-jose (Go) Jun 23, 2021
Arbitrary code execution due to an uncontrolled search path for the git binary Critical
CVE-2021-28955 was published for github.com/MichaelMure/git-bug (Go) May 25, 2021
Signature Validation Bypass Critical
GHSA-5684-g483-2249 was published for github.com/russellhaering/gosaml2 (Go) May 24, 2021
jupenur
Signature Validation Bypass Critical
GHSA-rrfw-hg9m-j47h was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur russellhaering
Improper Authentication in InfluxDB Critical
CVE-2019-20933 was published for github.com/influxdata/influxdb (Go) May 18, 2021
Improper Input Validation in HashiCorp Vault Critical
CVE-2020-12757 was published for github.com/hashicorp/vault-plugin-secrets-gcp (Go) May 18, 2021
Insecure Permissions in Gogs Critical
CVE-2019-14544 was published for gogs.io/gogs (Go) May 18, 2021
Improper Authentication in Apache Traffic Control Critical
CVE-2019-12405 was published for github.com/apache/trafficcontrol (Go) May 18, 2021
Kubernetes Privilege Escalation Critical
CVE-2017-1000056 was published for k8s.io/kubernetes (Go) May 12, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database