GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
Authorization Bypass Through User-Controlled Key in go-restful
Critical
CVE-2022-1996
was published
for
github.com/emicklei/go-restful
(Go)
Jun 9, 2022
usememos/memos Authorization Bypass Through User-Controlled Key vulnerability
Critical
CVE-2022-4686
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
usememos/memos Improper Access Control vulnerability
High
CVE-2022-4803
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Authentication vulnerability
Moderate
CVE-2022-4799
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos vulnerable to Improper Authorization
Moderate
CVE-2022-4802
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Authorization vulnerability
Moderate
CVE-2022-4798
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos vulnerable to Comparison of Object References Instead of Object Contents
Moderate
CVE-2022-4812
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Authorization vulnerability
Moderate
CVE-2022-4811
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Access Control vulnerability
Moderate
CVE-2022-4806
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
Authorization Bypass Through User-Controlled Key play-with-docker
Moderate
CVE-2023-28109
was published
for
github.com/play-with-docker/play-with-docker
(Go)
Mar 17, 2023
Go package pydio/cells vulnerable to authorization bypass
Moderate
CVE-2023-2978
was published
for
github.com/pydio/cells
(Go)
May 30, 2023
Netmaker IDOR Allows User to Update Other User's Password
High
CVE-2023-32078
was published
for
github.com/gravitl/netmaker
(Go)
Aug 25, 2023
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Critical
GHSA-92cg-ghq6-9587
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
•
withdrawn
Authorization Bypass Through User-Controlled Key in go-zero
Critical
CVE-2024-27302
was published
for
github.com/zeromicro/go-zero
(Go)
Mar 4, 2024
Duplicate Advisory: Grafana vulnerable to authorization bypass
Moderate
GHSA-mh7p-8m2f-qrm6
was published
for
github.com/grafana/grafana
(Go)
Mar 26, 2024
•
withdrawn
Grafana: Users outside an organization can delete a snapshot with its key
High
CVE-2024-1313
was published
for
github.com/grafana/grafana
(Go)
Apr 5, 2024
Grafana API IDOR
Moderate
CVE-2022-21713
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Missing key verification in gost
Critical
CVE-2024-39223
was published
for
github.com/ginuerzh/gost
(Go)
Jul 3, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
High
CVE-2024-39321
was published
for
github.com/traefik/traefik/v2
(Go)
Jul 5, 2024
Cache driver GetBlob() allows read access to any blob without access control check
Moderate
CVE-2024-39897
was published
for
zotregistry.dev/zot
(Go)
Jul 9, 2024
Withdrawn: SFTPGo's JWT implmentation lacks certain security measures
Moderate
CVE-2024-40430
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jul 22, 2024
•
withdrawn
KubeSphere IDOR vulnerability
Moderate
CVE-2024-46528
was published
for
github.com/kubesphere/kubesphere
(Go)
Oct 14, 2024
Grafana org admin can delete pending invites in different org
Low
CVE-2024-10452
was published
for
github.com/grafana/grafana
(Go)
Oct 29, 2024
ProTip!
Advisories are also available from the
GraphQL API