Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,685
Maven
5,000+
npm
4,318
NuGet
760
pip
4,092
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

5 advisories

Loading
HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass High
CVE-2025-11621 was published for github.com/hashicorp/vault (Go) Oct 23, 2025
Docker Authentication Bypass High
CVE-2018-12608 was published for github.com/docker/docker (Go) Jan 31, 2024
neersighted
Credited to neersighted
kube-apiserver authentication bypass vulnerability High
CVE-2023-1260 was published for github.com/openshift/apiserver-library-go (Go) Sep 24, 2023
Missing Role Based Access Control for the REST handlers in bleve/http package Moderate
CVE-2022-31022 was published for github.com/blevesearch/bleve (Go) Jun 3, 2022
Proximyst
Credited to Proximyst
Access Control Bypass Moderate
CVE-2018-20321 was published for github.com/rancher/rancher (Go) Jun 23, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database