GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories for the Go ecosystem: 1,941 advisories
CVE-2024-41953 (Moderate): ZITADEL has improper HTML sanitization in emails and Console UI. Published for github.com/zitadel/zitadel (Go), Jul 31, 2024.
CVE-2024-22278 (Moderate): Harbor fails to validate the user permissions when updating project configurations. Published for github.com/goharbor/harbor (Go), Jul 31, 2024.
GHSA-wm25-j4gw-6vr3 (Critical): pREST vulnerable to jwt bypass + sql injection. Published for github.com/prest/prest (Go), Jul 30, 2024.
CVE-2024-41110 (Critical): Authz zero length regression. Published for github.com/docker/docker (Go), Jul 30, 2024.
GHSA-8c64-q78q-87r6 (High): Duplicate Advisory: Juju leaks of the sensitive context ID. Published for github.com/juju/juju (Go), Jul 29, 2024. [withdrawn]
CVE-2024-29069 (Moderate): snapd failed to properly check the destination of symbolic links when extracting a snap. Published for github.com/snapcore/snapd (Go), Jul 25, 2024.
CVE-2024-1724 (Moderate): snapd failed to restrict writes to the $HOME/bin path. Published for github.com/snapcore/snapd (Go), Jul 25, 2024.
CVE-2024-29068 (Moderate): snapd failed to properly check the file type when extracting a snap. Published for github.com/snapcore/snapd (Go), Jul 25, 2024.
CVE-2024-36536 (High): fabedge has insecure permissions. Published for github.com/fabedge/fabedge (Go), Jul 24, 2024.
CVE-2024-36533 (Critical): Volcano has insecure permissions. Published for github.com/volcano-sh/volcano (Go), Jul 24, 2024.
CVE-2024-41666 (Moderate): The Argo CD web terminal session does not handle the revocation of user permissions properly. Published for github.com/argoproj/argo-cd/v2 (Go), Jul 24, 2024.
CVE-2024-40634 (High): Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint. Published for github.com/argoproj/argo-cd (Go), Jul 22, 2024.
CVE-2024-40430 (Moderate): Withdrawn: SFTPGo's JWT implementation lacks certain security measures. Published for github.com/drakkan/sftpgo/v2 (Go), Jul 22, 2024. [withdrawn]
CVE-2024-41121 (High): Woodpecker's custom workspace allow to overwrite plugin entrypoint executable. Published for go.woodpecker-ci.org/woodpecker (Go), Jul 19, 2024.
CVE-2024-41122 (High): Woodpecker's custom environment variables allow to alter execution flow of plugins. Published for go.woodpecker-ci.org/woodpecker (Go), Jul 19, 2024.
CVE-2024-21583 (Moderate): github.com/gitpod-io/gitpod vulnerable to Cookie Tossing. Published for github.com/gitpod-io/gitpod (Go), Jul 19, 2024.
CVE-2024-5321 (Moderate): Kubernetes sets incorrect permissions on Windows containers logs. Published for k8s.io/kubernetes (Go), Jul 18, 2024.
CVE-2024-41111 (High): Sliver Allows Authenticated Operator-to-Server Remote Code Execution. Published for github.com/bishopfox/sliver (Go), Jul 18, 2024.
CVE-2024-39907 (Critical): 1Panel has an SQL injection issue related to the orderBy clause. Published for github.com/1Panel-dev/1Panel (Go), Jul 18, 2024.
CVE-2024-40641 (High): projectdiscovery/nuclei allows unsigned code template execution through workflows. Published for github.com/projectdiscovery/nuclei/v3 (Go), Jul 17, 2024.
CVE-2024-6535 (Moderate): Skupper uses a static cookie secret for the openshift oauth-proxy. Published for github.com/skupperproject/skupper (Go), Jul 17, 2024.
GHSA-qc6v-5g5m-8cw2 (Moderate): ZITADEL Go's GRPC example code vulnerability - GO-2024-2687 HTTP/2 CONTINUATION flood in net/http. Published for github.com/zitadel/zitadel-go/v3 (Go), Jul 15, 2024.
CVE-2024-39909 (Moderate): SQL Injection in the KubeClarity REST API. Published for github.com/openclarity/kubeclarity/backend (Go), Jul 12, 2024.
CVE-2024-6468 (High): Hashicorp Vault vulnerable to Improper Check or Handling of Exceptional Conditions. Published for github.com/hashicorp/vault (Go), Jul 11, 2024.
CVE-2022-29946 (Moderate): NATS Server and Streaming Server fails to enforce negative user permissions, may allow denied subjects. Published for github.com/nats-io/nats-server (Go), Jul 11, 2024.