GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
119 advisories
Filter by severity
Kubernetes kubelet arbitrary command execution
High
CVE-2024-10220
was published
for
k8s.io/kubernetes
(Go)
Nov 22, 2024
Buildah allows arbitrary directory mount
Moderate
CVE-2024-9675
was published
for
github.com/containers/buildah
(Go)
Oct 9, 2024
Unpatched Remote Code Execution in Gogs
High
CVE-2024-44625
was published
for
gogs.io/gogs
(Go)
Nov 15, 2024
Path traversal vulnerability in stripe-cli
Low
CVE-2024-45401
was published
for
github.com/stripe/stripe-cli
(Go)
Sep 5, 2024
Owncast Path Traversal vulnerability
Moderate
CVE-2024-31450
was published
for
github.com/owncast/owncast
(Go)
Aug 5, 2024
Kubernetes Secrets Store CSI Driver plugins arbitrary file write
Low
CVE-2020-8567
was published
for
github.com/Azure/secrets-store-csi-driver-provider-azure
(Go)
May 24, 2022
Hashicorp Consul Path Traversal vulnerability
High
CVE-2024-10005
was published
for
github.com/hashicorp/consul
(Go)
Oct 31, 2024
Adguard Home arbitrary file read vulnerability
High
CVE-2024-36814
was published
for
github.com/AdguardTeam/AdGuardHome
(Go)
Oct 8, 2024
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory.
Moderate
CVE-2024-47877
was published
for
github.com/codeclysm/extract
(Go)
Oct 11, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High
CVE-2024-45388
was published
for
github.com/spectolabs/hoverfly
(Go)
Sep 3, 2024
Grafana Arbitrary File Read
Moderate
CVE-2019-19499
was published
for
github.com/grafana/grafana
(Go)
Jan 31, 2024
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
Ollama can extract members of a ZIP archive outside of the parent directory
High
CVE-2024-45436
was published
for
github.com/ollama/ollama
(Go)
Aug 29, 2024
Path traversal allows leaking out-of-bound files from Argo CD repo-server
Moderate
CVE-2022-24731
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Path traversal and dereference of symlinks in Argo CD
High
CVE-2022-24348
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 7, 2022
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
High
CVE-2024-41121
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
LocalAI path traversal vulnerability
High
CVE-2024-5182
was published
for
github.com/go-skynet/LocalAI
(Go)
Jun 20, 2024
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Critical
CVE-2024-23827
was published
for
github.com/0xJacky/Nginx-UI
(Go)
Jan 29, 2024
Path Traversal in Docker
Moderate
CVE-2014-9356
was published
for
github.com/docker/docker
(Go)
May 18, 2021
Archiver Path Traversal vulnerability
Moderate
CVE-2024-0406
was published
for
github.com/mholt/archiver
(Go)
Apr 6, 2024
Unauthenticated Access to sensitive settings in Argo CD
Moderate
CVE-2024-37152
was published
for
github.com/argoproj/argo-cd/v2/server
(Go)
Jun 6, 2024
Vulnerabilities with the k8sGPT
High
GHSA-85rg-8m6h-825p
was published
for
github.com/k8sgpt-ai/k8sgpt
(Go)
Jun 13, 2024
moby Access to remapped root allows privilege escalation to real root
Moderate
CVE-2021-21284
was published
for
github.com/moby/moby
(Go)
Jan 31, 2024
Sender can cause a receiver to overwrite files during ZIP extraction in Croc
Moderate
CVE-2023-43616
was published
for
github.com/schollz/croc
(Go)
Sep 20, 2023
sjqzhang go-fastdfs vulnerable to path traversal
Critical
CVE-2023-1800
was published
for
github.com/sjqzhang/go-fastdfs
(Go)
Apr 2, 2023
ProTip!
Advisories are also available from the
GraphQL API