GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
83 advisories
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete
High | GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) | Sep 23, 2022

Improper Input Validation in libseccomp-golang
High | CVE-2017-18367 was published for github.com/seccomp/libseccomp-golang (Go) | May 18, 2021

Improper Access Control in Lightning Network Daemon
High | CVE-2019-12999 was published for github.com/lightningnetwork/lnd (Go) | May 18, 2021

Unchecked hostname resolution could allow access to local network resources by users outside the local network
Moderate | GHSA-6rg3-8h8x-5xfv was published for github.com/pterodactyl/wings (Go) | Jun 23, 2021

usememos/memos vulnerable to improper access control
Moderate | CVE-2022-4685 was published for github.com/usememos/memos (Go) | Dec 23, 2022

Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High | CVE-2022-24730 was published for github.com/argoproj/argo-cd (Go) | Mar 24, 2022

GitOps Run allows for Kubernetes workload injection
High | CVE-2022-23508 was published for github.com/weaveworks/weave-gitops (Go) | Jan 9, 2023

Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Moderate | CVE-2021-22565 was published for github.com/google/exposure-notifications-verification-server (Go) | Nov 10, 2021

CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
High | CVE-2022-2995 was published for github.com/cri-o/cri-o (Go) | Sep 20, 2022

usememos/memos Improper Access Control vulnerability
High | CVE-2022-4684 was published for github.com/usememos/memos (Go) | Dec 23, 2022

usememos/memos vulnerable to account takeover due to improper access control
High | CVE-2022-4689 was published for github.com/usememos/memos (Go) | Dec 23, 2022

usememos/memos Improper Access Control vulnerability
Moderate | CVE-2022-4806 was published for github.com/usememos/memos (Go) | Dec 28, 2022

usememos/memos Improper Access Control vulnerability
High | CVE-2022-4809 was published for github.com/usememos/memos (Go) | Dec 28, 2022

usememos/memos Improper Access Control vulnerability
Moderate | CVE-2022-4814 was published for github.com/usememos/memos (Go) | Dec 28, 2022

usememos/memos Improper Access Control vulnerability
Moderate | CVE-2022-4810 was published for github.com/usememos/memos (Go) | Dec 28, 2022

usememos/memos Improper Access Control vulnerability
Moderate | CVE-2022-4807 was published for github.com/usememos/memos (Go) | Dec 28, 2022

usememos/memos Improper Access Control vulnerability
High | CVE-2022-4803 was published for github.com/usememos/memos (Go) | Dec 28, 2022

Limited ability to spoof SAML authentication with missing audience verification in Fleet
Moderate | CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) | Feb 7, 2022

Authenticated user can gain unauthorized shell pod and kubectl access in the local cluster
High | CVE-2022-21953 was published for github.com/rancher/rancher (Go) | Jan 25, 2023

Privilege escalation in project role template binding (PRTB) and -promoted roles
High | CVE-2022-43759 was published for github.com/rancher/rancher (Go) | Jan 25, 2023

Answer contains Improper Access Control vulnerability
Critical | CVE-2023-0744 was published for github.com/answerdev/answer (Go) | Feb 8, 2023

Improper Access Control in github.com/treeverse/lakefs
Moderate | GHSA-m836-gxwq-j2pm was published for github.com/treeverse/lakefs (Go) | Oct 28, 2021

Grafana has Broken Access Control in Alert manager: Viewer can send test alerts
Moderate | CVE-2023-2183 was published for github.com/grafana/grafana (Go) | Jun 12, 2023

Argo CD improper access control bug can allow malicious user to escalate privileges to admin level
High | CVE-2022-1025 was published for github.com/argoproj/argo-cd (Go) | Jul 13, 2022

Access Restriction Bypass in kube-apiserver
Moderate | CVE-2021-25735 was published for k8s.io/kubernetes (Go) | May 28, 2021
ProTip! Advisories are also available from the GraphQL API