GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

773 advisories

libp2p nodes vulnerable to OOM attack High
CVE-2023-40583 was published for github.com/libp2p/go-libp2p (Go) Aug 24, 2023
marten-seemann
Argo CD web terminal session doesn't expire High
CVE-2023-40025 was published for github.com/argoproj/argo-cd (Go) Aug 23, 2023
zhlu32
etcd denial of service vulnerability High
CVE-2022-34038 was published for go.etcd.io/etcd/v3 (Go) Aug 22, 2023 withdrawn
reedloden
Weaviate denial of service vulnerability High
CVE-2023-38976 was published for github.com/weaviate/weaviate (Go) Aug 22, 2023
360AIVul
Woodpecker does not validate webhook before changing any data High
CVE-2023-40034 was published for github.com/woodpecker-ci/woodpecker (Go) Aug 16, 2023
anbraten 6543
Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading High
CVE-2023-40023 was published for github.com/yaklang/yaklang (Go) Aug 15, 2023
Phelaine
1Panel arbitrary file write vulnerability High
CVE-2023-39966 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
darkfive2022
1Panel O&M management panel has a background arbitrary file reading vulnerability High
CVE-2023-39964 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
darkfive2022
Consul JWT Auth in L7 Intentions Allow for Mismatched Service Identity and JWT Providers High
CVE-2023-3518 was published for github.com/hashicorp/consul (Go) Aug 9, 2023
anonymous4ACL24
libp2p nodes vulnerable to attack using large RSA keys High
CVE-2023-39533 was published for github.com/libp2p/go-libp2p (Go) Aug 9, 2023
marten-seemann
Nuclei Path Traversal vulnerability High
CVE-2023-37896 was published for github.com/projectdiscovery/nuclei (Go) Aug 4, 2023
Answer has Weak Password Requirements High
CVE-2023-4125 was published for github.com/answerdev/answer (Go) Aug 3, 2023
Answer Missing Authorization vulnerability High
CVE-2023-4124 was published for github.com/answerdev/answer (Go) Aug 3, 2023
Possible image tampering from missing image validation for Packages High
CVE-2023-38495 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
goproxy Denial of Service vulnerability High
CVE-2023-37788 was published for github.com/elazarl/goproxy (Go) Jul 18, 2023
1Panel command injection vulnerability in Firewall ip functionality High
CVE-2023-37477 was published for github.com/1Panel-dev/1Panel (Go) Jul 18, 2023
Malayke amascia-gg
avro vulnerable to denial of service via attacker-controlled parameter High
CVE-2023-37475 was published for github.com/hamba/avro (Go) Jul 17, 2023
AdamKorcz
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
mx-chain-go's relayed transactions always increment nonce High
CVE-2023-34458 was published for github.com/multiversx/mx-chain-go (Go) Jul 13, 2023
Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation High
CVE-2023-24999 was published for github.com/hashicorp/vault (Go) Jul 6, 2023
HashiCorp Boundary Workers Store Rotated Credentials in Plaintext Even When Key Management Service Configured High
CVE-2023-0690 was published for github.com/hashicorp/boundary (Go) Jul 6, 2023
CometBFT may duplicate transactions in the mempool's data structures High
CVE-2023-34451 was published for github.com/cometbft/cometbft (Go) Jul 5, 2023
otrack
Sealos billing system permission control defect High
CVE-2023-36815 was published for github.com/labring/sealos (Go) Jun 30, 2023
DVKunion
Coraza has potential denial of service vulnerability High
CVE-2023-40586 was published for github.com/corazawaf/coraza/v2 (Go) Jun 26, 2023
rmb122
cheqd-node subject to Cosmos SDK "Barberry" vulnerability High
GHSA-8qxh-2gh8-r923 was published for github.com/cheqd/cheqd-node (Go) Jun 12, 2023