GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

27,947 advisories

Path Traversal in Moby builder Moderate
CVE-2020-27534 was published for github.com/docker/docker (Go) Jan 31, 2024
Credited to neersighted
Enumeration of users in HashiCorp Vault Moderate
CVE-2020-35177 was published for github.com/hashicorp/vault (Go) Jan 31, 2024
Privilege Escalation in HashiCorp Consul Moderate
CVE-2020-28053 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Denial of service in HashiCorp Consul High
CVE-2020-25201 was published for github.com/hashicorp/consul (Go) Jan 31, 2024
Grafana Arbitrary File Read Moderate
CVE-2019-19499 was published for github.com/grafana/grafana (Go) Jan 31, 2024
runc vulnerable to container breakout through process.cwd trickery and leaked fds High
CVE-2024-21626 was published for github.com/opencontainers/runc (Go) Jan 31, 2024
Credited to rmcnamara-snyk, cyphar, and lifubang
BuildKit vulnerable to possible panic when incorrect parameters sent from frontend Moderate
CVE-2024-23650 was published for github.com/moby/buildkit (Go) Jan 31, 2024
Credited to cpuguy83
BuildKit vulnerable to possible race condition with accessing subpaths from cache mounts High
CVE-2024-23651 was published for github.com/moby/buildkit (Go) Jan 31, 2024
Credited to rmcnamara-snyk
BuildKit vulnerable to possible host system access from mount stub cleaner Critical
CVE-2024-23652 was published for github.com/moby/buildkit (Go) Jan 31, 2024
Credited to rmcnamara-snyk
Buildkit's interactive containers API does not validate entitlements check Critical
CVE-2024-23653 was published for github.com/moby/buildkit (Go) Jan 31, 2024
Credited to rmcnamara-snyk
nodemailer ReDoS when trying to send a specially crafted email Moderate
GHSA-9h6g-pr28-7cqp was published for nodemailer (npm) Jan 31, 2024
Credited to francoatmega and dsimk
stereoscope vulnerable to tar path traversal when processing OCI tar archives Moderate
CVE-2024-24579 was published for github.com/anchore/stereoscope (Go) Jan 31, 2024
Credited to wagoodman, joshbressers, and nurmi
C5 Firefly III CSV Injection. Moderate
GHSA-29w6-c52g-m8jc was published for grumpydictator/firefly-iii (Composer) Jan 31, 2024
Credited to Ab4y98
@lobehub/chat vulnerable to unauthorized access to plugins Moderate
CVE-2024-24566 was published for @lobehub/chat (npm) Jan 31, 2024
Credited to dastaj
OctoPrint Unverified Password Change via Access Control Settings Moderate
CVE-2024-23637 was published for OctoPrint (pip) Jan 31, 2024
Credited to tkruppert
Label Studio SSRF on Import Bypassing `SSRF_PROTECTION_ENABLED` Protections Moderate
CVE-2023-47116 was published for label-studio (pip) Jan 31, 2024
Credited to alex-elttam and isacaya
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability Moderate
CVE-2023-44312 was published for github.com/apache/servicecomb-service-center (Go) Jan 31, 2024
Apache ServiceComb Service-Center Server-Side Request Forgery vulnerability High
CVE-2023-44313 was published for github.com/apache/servicecomb-service-center (Go) Jan 31, 2024
Spring Cloud Contract vulnerable to local information disclosure Low
CVE-2024-22236 was published for org.springframework.cloud:spring-cloud-contract-shade (Maven) Jan 31, 2024
HashiCorp Vault Authentication bypass High
CVE-2020-16251 was published for github.com/hashicorp/vault (Go) Jan 31, 2024
Credited to andrewpollock
Etcd Gateway TLS authentication only applies to endpoints detected in DNS SRV records Moderate
CVE-2020-15136 was published for go.etcd.io/etcd (Go) Jan 31, 2024
Etcd Gateway can include itself as an endpoint resulting in resource exhaustion High
CVE-2020-15114 was published for go.etcd.io/etcd (Go) Jan 31, 2024
Memory over-allocation in evm crate Moderate
CVE-2021-29511 was published for evm (Rust) Jan 30, 2024
Improper Preservation of Permissions in etcd Moderate
CVE-2020-15113 was published for github.com/etcd-io/etcd (Go) Jan 30, 2024
Grafana XSS via adding a link in General feature Moderate
CVE-2018-18625 was published for github.com/grafana/grafana (Go) Jan 30, 2024