GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
86 advisories
Filter by severity
Improper Authorization in github.com/containers/libpod
High
CVE-2021-20188
was published
for
github.com/containers/libpod
(Go)
May 18, 2021
github.com/nats-io/nats-server Import token permissions checking not enforced
High
GHSA-j756-f273-xhp4
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication
Moderate
CVE-2021-28681
was published
for
github.com/pion/webrtc/v3
(Go)
May 25, 2021
Access Restriction Bypass in kube-apiserver
Moderate
CVE-2021-25735
was published
for
k8s.io/kubernetes
(Go)
May 28, 2021
Improper Input Validation
Moderate
CVE-2021-3499
was published
for
github.com/ovn-org/ovn-kubernetes
(Go)
Jun 8, 2021
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
High
GHSA-qvp4-rpmr-xwrr
was published
for
github.com/ory/oathkeeper
(Go)
Jun 23, 2021
Incorrect Authorization in ORY Oathkeeper
High
CVE-2021-32701
was published
for
github.com/ory/oathkeeper
(Go)
Jun 24, 2021
Incorrect Authorization in HashiCorp Consul
Moderate
CVE-2020-7955
was published
for
github.com/hashicorp/consul
(Go)
Jul 28, 2021
Istio Fragments in Path May Lead to Authorization Policy Bypass
High
CVE-2021-39156
was published
for
istio.io/istio
(Go)
Aug 30, 2021
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic.
Moderate
CVE-2021-38698
was published
for
github.com/hashicorp/consul
(Go)
Sep 8, 2021
Incorrect Authorization with specially crafted requests
High
CVE-2021-39206
was published
for
github.com/pomerium/pomerium
(Go)
Sep 10, 2021
Incorrect Privilege Assignment in HashiCorp Vault
High
CVE-2021-42135
was published
for
github.com/hashicorp/vault
(Go)
Oct 12, 2021
OIDC claims not updated from Identity Provider in Pomerium
Moderate
CVE-2021-41230
was published
for
github.com/pomerium/pomerium
(Go)
Nov 10, 2021
Incorrect Authorization in NATS nats-server
High
CVE-2022-24450
was published
for
github.com/nats-io/nats-server/v2
(Go)
Feb 8, 2022
nats-io/jwt not enforcing checking of Import token permissions
Critical
CVE-2021-3127
was published
for
github.com/nats-io/jwt
(Go)
Feb 15, 2022
Reject unauthorized access with GitHub PATs
High
CVE-2021-21432
was published
for
github.com/go-vela/server
(Go)
Feb 15, 2022
Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2
High
GHSA-9r5x-fjv3-q6h4
was published
for
github.com/nats-io/jwt
(Go)
Feb 15, 2022
•
withdrawn
Incorrect Authorization in runc
High
CVE-2019-16884
was published
for
github.com/opencontainers/runc
(Go)
Feb 22, 2022
Duplicate Advisory: Improper Authorization in Gogs
High
GHSA-65f3-3278-7m65
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
•
withdrawn
Incorrect Authorization in imgcrypt
High
CVE-2022-24778
was published
for
github.com/containerd/imgcrypt
(Go)
Mar 28, 2022
Exposure of repository credentials to external third-party sources in Rancher
High
CVE-2021-36778
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
Duplicate advisory: Configuration exposure in github.com/coreos/ignition
Moderate
GHSA-mjqc-5c9x-xfcc
was published
for
github.com/coreos/ignition/v2
(Go)
May 18, 2022
•
withdrawn
Kubernetes kube-apiserver unauthorized access
High
CVE-2019-11247
was published
for
k8s.io/apiextensions-apiserver
(Go)
May 24, 2022
Istio Authorization Bypass Vulnerability
Moderate
CVE-2021-31920
was published
for
istio.io/istio
(Go)
May 24, 2022
•
withdrawn
Ignition config accessible to unprivileged software on VMware
Moderate
CVE-2022-1706
was published
for
github.com/coreos/ignition
(Go)
May 25, 2022
ProTip!
Advisories are also available from the
GraphQL API