Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,617
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

11 advisories

Loading
Grafana vulnerable to Stored Cross-site Scripting in Text plugin Moderate
CVE-2023-22462 was published for github.com/grafana/grafana (Go) Mar 1, 2023
Churro michaelkedar
Credited to Churro and michaelkedar
openssl-src contains Double free after calling `PEM_read_bio_ex` High
CVE-2022-4450 was published for openssl-src (Rust) Feb 8, 2023
michaelkedar
Credited to michaelkedar
matrix-sdk-crypto contains potential impersonation via room key forward responses Moderate
CVE-2022-39252 was published for matrix-sdk-crypto (Rust) Sep 30, 2022
michaelkedar
Credited to michaelkedar
Harbor fails to validate the user permissions when updating tag immutability policies Moderate
CVE-2022-31669 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
michaelkedar
Credited to michaelkedar
Harbor fails to validate the user permissions when updating tag retention policies High
CVE-2022-31670 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
michaelkedar
Credited to michaelkedar
Duplicate Advisory: KubeVirt arbitrary host file read from the VM Moderate
CVE-2022-1798 was published for kubevirt.io/kubevirt (Go) Aug 18, 2022 withdrawn
0xdidu michaelkedar
Credited to 0xdidu and michaelkedar
Type confusion if __private_get_type_id__ is overriden Critical
CVE-2020-25575 was published for failure (Rust) Jun 16, 2022
michaelkedar
Credited to michaelkedar
openssl-src's infinite loop in `BN_mod_sqrt()` reachable when parsing certificates High
CVE-2022-0778 was published for openssl-src (Rust) Mar 16, 2022
rajivshah3 michaelkedar
Credited to rajivshah3 and michaelkedar
Infinite open connection causes OctoRPKI to hang forever Moderate
CVE-2021-3909 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
michaelkedar
Credited to michaelkedar
Permissions bypass in pleaser High
CVE-2021-31155 was published for pleaser (Rust) Aug 25, 2021
michaelkedar
Credited to michaelkedar
Segmentation fault in time Moderate
CVE-2020-26235 was published for time (Rust) Aug 25, 2021
quininer JamieMagee
fenhl sugar700 jhpratt michaelkedar
Credited to quininer, JamieMagee, fenhl, sugar700, jhpratt, and michaelkedar
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database