GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
25 advisories
Filter by severity
Aliases are never checked in helm
Low
CVE-2020-15184
was published
for
helm.sh/helm
(Go)
May 24, 2021
Repository index file allows for duplicates of the same chart entry in helm
Low
CVE-2020-15185
was published
for
helm.sh/helm
(Go)
May 24, 2021
Improper Sanitizing of plugin names in helm
Low
CVE-2020-15186
was published
for
helm.sh/helm
(Go)
May 24, 2021
plugin.yaml file allows for duplicate entries in helm
Low
CVE-2020-15187
was published
for
helm.sh/helm
(Go)
May 24, 2021
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Moderate
CVE-2021-21303
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
CRLF vulnerability in Fiber
Moderate
CVE-2020-15111
was published
for
github.com/gofiber/fiber
(Go)
Jun 29, 2021
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker
High
CVE-2021-41232
was published
for
github.com/stevenweathers/thunderdome-planning-poker
(Go)
Nov 8, 2021
Command injection in gh-ost
Moderate
CVE-2022-21687
was published
for
github.com/github/gh-ost
(Go)
Feb 1, 2022
Rancher code injection via fluentd config commands
High
CVE-2019-12303
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
b3log Wide unauthenticated file access
High
CVE-2019-13915
was published
for
github.com/b3log/wide
(Go)
May 24, 2022
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection
Critical
CVE-2021-43350
was published
for
github.com/apache/trafficcontrol
(Go)
May 24, 2022
Denial of service (DoS) when processing Git credentials
Moderate
CVE-2022-43756
was published
for
github.com/rancher/wrangler
(Go)
Jan 25, 2023
Abstrium Pydio Cells Resource Injection vulnerability
Moderate
CVE-2023-2980
was published
for
github.com/pydio/cells/v4
(Go)
May 30, 2023
1Panel vulnerable to command injection when adding container repositories
Moderate
CVE-2023-36457
was published
for
github.com/1Panel-dev/1Panel
(Go)
Jul 5, 2023
Kiali content spoofing vulnerability
Moderate
CVE-2022-3962
was published
for
github.com/kiali/kiali
(Go)
Sep 23, 2023
Ingress nginx annotation injection causes arbitrary command execution
High
CVE-2023-5043
was published
for
k8s.io/ingress-nginx
(Go)
Oct 25, 2023
Mattermost Injection vulnerability
Low
CVE-2023-35075
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Nov 27, 2023
Mattermost Injection vulnerability
High
CVE-2023-6458
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Dec 6, 2023
ewen-lbh/ffcss Late-Unicode normalization vulnerability
Moderate
CVE-2023-52081
was published
for
github.com/ewen-lbh/ffcss
(Go)
Dec 28, 2023
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF
High
CVE-2024-23828
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 29, 2024
Sliver Allows Authenticated Operator-to-Server Remote Code Execution
High
CVE-2024-41111
was published
for
github.com/bishopfox/sliver
(Go)
Jul 18, 2024
Woodpecker's custom environment variables allow to alter execution flow of plugins
Moderate
CVE-2024-41122
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
High
CVE-2024-41121
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
Plenti arbitrary file write vulnerability
High
CVE-2024-49380
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
Plenti arbitrary file deletion vulnerability
High
CVE-2024-49381
was published
for
github.com/plentico/plenti
(Go)
Oct 31, 2024
ProTip!
Advisories are also available from the
GraphQL API