GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,029
Maven
5,000+
npm
3,731
NuGet
662
pip
3,408
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
746 advisories
Filter by severity
SiYuan has an arbitrary file write in the host via /api/asset/upload
High
CVE-2024-55659
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an arbitrary file read and path traversal via /api/export/exportResources
High
CVE-2024-55658
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
SiYuan has an arbitrary file read via /api/template/render
High
CVE-2024-55657
was published
for
github.com/siyuan-note/siyuan/kernel
(Go)
Dec 11, 2024
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
Opencontainers runc Incorrect Authorization vulnerability
High
CVE-2023-27561
was published
for
github.com/opencontainers/runc
(Go)
Mar 3, 2023
Portainer improperly uses an encryption algorithm in the AesEncrypt function
High
CVE-2024-33662
was published
for
github.com/portainer/portainer
(Go)
Oct 2, 2024
Moby Race Condition vulnerability
High
CVE-2024-36623
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
Moby Race Condition vulnerability
High
CVE-2024-36621
was published
for
github.com/moby/moby
(Go)
Nov 29, 2024
Kolide Agent Privilege Escalation (Windows, Versions >= 1.5.3, < 1.12.3)
High
CVE-2024-54131
was published
for
github.com/kolide/launcher
(Go)
Dec 3, 2024
Kubernetes kubelet arbitrary command execution
High
CVE-2024-10220
was published
for
k8s.io/kubernetes
(Go)
Nov 22, 2024
Taurus multi-party-sig has OT-based ECDSA protocol implementation flaws
High
GHSA-7f6p-phw2-8253
was published
for
github.com/taurusgroup/multi-party-sig
(Go)
Nov 25, 2024
github.com/containers/image allows unexpected authenticated registry accesses
High
CVE-2024-3727
was published
for
github.com/containers/image
(Go)
May 14, 2024
ASA-2024-010: cosmossdk.io/math: Mismatched bit-length validation in sdk.Int and sdk.Dec can lead to panic
High
GHSA-7225-m954-23v7
was published
for
cosmossdk.io/math
(Go)
Nov 20, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources
High
CVE-2024-52280
was published
for
github.com/rancher/steve
(Go)
Nov 20, 2024
Grafana's users with permissions to create a data source can CRUD all data sources
High
CVE-2024-1442
was published
for
github.com/grafana/grafana
(Go)
Mar 7, 2024
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability
High
CVE-2024-9355
was published
for
github.com/golang-fips/openssl
(Go)
Oct 1, 2024
Git credentials are exposed in Atlantis logs
High
CVE-2024-52009
was published
for
github.com/runatlantis/atlantis
(Go)
Nov 8, 2024
CometBFT Vote Extensions: Panic when receiving a Pre-commit with an invalid data
High
GHSA-p7mv-53f2-4cwj
was published
for
github.com/cometbft/cometbft
(Go)
Nov 6, 2024
Unpatched Remote Code Execution in Gogs
High
CVE-2024-44625
was published
for
gogs.io/gogs
(Go)
Nov 15, 2024
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request
High
CVE-2024-0793
was published
for
k8s.io/kubernetes
(Go)
Nov 17, 2024
Zoraxy has an authenticated command injection in the Web SSH feature
High
CVE-2024-52010
was published
for
github.com/tobychui/zoraxy
(Go)
Nov 12, 2024
Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer
High
CVE-2024-52308
was published
for
github.com/cli/cli
(Go)
Nov 14, 2024
Harbor fails to validate the user permissions when updating tag retention policies
High
CVE-2022-31670
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
User Registration Bypass in Zitadel
High
CVE-2024-49757
was published
for
github.com/zitadel/zitadel
(Go)
Oct 25, 2024
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation
High
CVE-2024-47060
was published
for
github.com/zitadel/zitadel/v2
(Go)
Sep 19, 2024
ProTip!
Advisories are also available from the
GraphQL API