GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,002
Maven
5,000+
npm
3,713
NuGet
661
pip
3,384
Pub
11
RubyGems
885
Rust
850
Swift
36
Unreviewed advisories
All unreviewed
5,000+
14 advisories
Filter by severity
Gitea allowed assignment of private issues
Moderate
CVE-2022-38183
was published
for
code.gitea.io/gitea
(Go)
Aug 13, 2022
snapd failed to restrict writes to the $HOME/bin path
Moderate
CVE-2024-1724
was published
for
github.com/snapcore/snapd
(Go)
Jul 25, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Moderate
CVE-2021-41091
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Permissions bypass in KubeVirt
Moderate
CVE-2020-1701
was published
for
kubevirt.io/kubevirt
(Go)
Jun 1, 2021
Moby (Docker Engine) started with non-empty inheritable Linux process capabilities
Moderate
CVE-2022-24769
was published
for
github.com/docker/docker
(Go)
Apr 22, 2024
Privilege Escalation in HashiCorp Consul
Moderate
CVE-2020-28053
was published
for
github.com/hashicorp/consul
(Go)
Jan 31, 2024
Archive package allows chmod of file outside of unpack target directory
Moderate
CVE-2021-32760
was published
for
github.com/containerd/containerd
(Go)
Jul 26, 2021
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul
Moderate
CVE-2020-12797
was published
for
github.com/hashicorp/consul
(Go)
Jun 23, 2021
Kubernetes Unsafe Cacheing
Moderate
CVE-2019-11244
was published
for
k8s.io/client-go
(Go)
Feb 15, 2022
Beego has a file creation race condition
Moderate
CVE-2019-16354
was published
for
github.com/astaxie/beego
(Go)
Aug 2, 2021
CubeFS allows Kubernetes cluster-level privilege escalation
Moderate
CVE-2023-30512
was published
for
github.com/cubefs/cubefs
(Go)
Apr 12, 2023
Incorrect Permission Assignment for Critical Resource in CRI-O
Moderate
CVE-2022-0532
was published
for
github.com/cri-o/cri-o
(Go)
Feb 11, 2022
Cache Manipulation Attack in Apache Traffic Control
Moderate
CVE-2020-17522
was published
for
github.com/apache/trafficcontrol
(Go)
Jun 18, 2021
Bytebase does not restrict low privilege user to access admin issues
Moderate
CVE-2022-32169
was published
for
github.com/bytebase/bytebase
(Go)
Sep 29, 2022
ProTip!
Advisories are also available from the
GraphQL API