GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,945 advisories

Duplicate Advisory: Central Dogma Authentication Bypass Vulnerability via Session Leakage Moderate
GHSA-qfv2-3p2f-vg48 was published for com.linecorp.centraldogma:centraldogma-server (Maven) Feb 2, 2024 withdrawn
Dash apps vulnerable to Cross-site Scripting Moderate
CVE-2024-21485 was published for dash (npm) Feb 2, 2024
Credited to graingert
Beetl Server-Side Template Injection vulnerability Critical
CVE-2024-22533 was published for com.ibeetl:beetl-core (Maven) Feb 2, 2024
Credited to yoshizawa-masatoshi
Bref vulnerable to Body Parsing Inconsistency in Event-Driven Functions Low
CVE-2024-24754 was published for bref/bref (Composer) Feb 1, 2024
Credited to smaury
Bref Doesn't Support Multiple Value Headers in ApiGatewayFormatV2 Moderate
CVE-2024-24753 was published for bref/bref (Composer) Feb 1, 2024
Credited to smaury and mnapoli
Bref's Uploaded Files Not Deleted in Event-Driven Functions Moderate
CVE-2024-24752 was published for bref/bref (Composer) Feb 1, 2024
Credited to smaury and mnapoli
Statamic CMS vulnerable to account takeover via XSS and password reset link High
CVE-2024-24570 was published for statamic/cms (Composer) Feb 1, 2024
Credited to sec-consult
Vyper's bounds check on built-in `slice()` function can be overflowed Critical
CVE-2024-24561 was published for vyper (pip) Feb 1, 2024
Credited to zobront and kuroi8
Classic builder cache poisoning Moderate
CVE-2024-24557 was published for github.com/docker/docker (Go) Feb 1, 2024
Credited to vvoland, rumpl, and gabriellavengeo
Minio unsafe default: Access keys inherit `admin` of root user, allowing privilege escalation High
CVE-2024-24747 was published for github.com/minio/minio (Go) Feb 1, 2024
Credited to NiklasBeierl, xSke, and donatello
glance-store logs s3 access keys Moderate
CVE-2024-1141 was published for glance-store (pip) Feb 1, 2024
Credited to m3t3kh4n
livewire Cross-Site Request Forgery vulnerability High
CVE-2024-22859 was published for livewire/livewire (Composer) Feb 1, 2024 withdrawn
Credited to Treggats and valorin
Hashicorp Vault may expose sensitive log information Moderate
CVE-2024-0831 was published for github.com/hashicorp/vault (Go) Feb 1, 2024
Grafana path traversal High
CVE-2021-43798 was published for github.com/grafana/grafana (Go) Feb 1, 2024
Credited to jordyv
Grafana Cross Site Request Forgery (CSRF) Moderate
CVE-2022-21703 was published for github.com/grafana/grafana/pkg/web (Go) Feb 1, 2024
wasmtime_trap_code C API function has out of bounds write vulnerability Low
CVE-2022-39394 was published for wasmtime (Rust) Feb 1, 2024
Credited to kpreisser
Moby (Docker Engine) Insufficiently restricted permissions on data directory Moderate
CVE-2021-41091 was published for github.com/docker/docker (Go) Jan 31, 2024
Credited to joanbm, AlonZa, and neersighted
Grafana Cross-site Scripting (XSS) Moderate
CVE-2018-12099 was published for github.com/grafana/grafana (Go) Jan 31, 2024
Docker Authentication Bypass High
CVE-2018-12608 was published for github.com/docker/docker (Go) Jan 31, 2024
Credited to neersighted
containerd environment variable leak Moderate
CVE-2021-21334 was published for github.com/containerd/containerd (Go) Jan 31, 2024
Improper Authentication in HashiCorp Vault High
CVE-2021-3282 was published for github.com/hashicorp/vault (Go) Jan 31, 2024
moby docker daemon crash during image pull of malicious image Moderate
CVE-2021-21285 was published for github.com/moby/moby (Go) Jan 31, 2024
Credited to bgeesaman, joshlarsen, IanColdwater, mauilion, raesene, cpuguy83, and neersighted
moby Access to remapped root allows privilege escalation to real root Moderate
CVE-2021-21284 was published for github.com/moby/moby (Go) Jan 31, 2024
Credited to ajxchapman, awprice, nathanburrell, raulgomis, chris-walz, mark-adams, dbaxa, cpuguy83, and neersighted
Path Traversal in Moby builder Moderate
CVE-2020-27534 was published for github.com/docker/docker (Go) Jan 31, 2024
Credited to neersighted
Enumeration of users in HashiCorp Vault Moderate
CVE-2020-35177 was published for github.com/hashicorp/vault (Go) Jan 31, 2024