GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`)
High
CVE-2024-45388
was published
for
github.com/spectolabs/hoverfly
(Go)
Sep 3, 2024
Path traversal vulnerability in stripe-cli
High
CVE-2024-45401
was published
for
github.com/stripe/stripe-cli
(Go)
Sep 5, 2024
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
Ollama can extract members of a ZIP archive outside of the parent directory
High
CVE-2024-45436
was published
for
github.com/ollama/ollama
(Go)
Aug 29, 2024
Path traversal and dereference of symlinks in Argo CD
High
CVE-2022-24348
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 7, 2022
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
High
CVE-2024-41121
was published
for
go.woodpecker-ci.org/woodpecker
(Go)
Jul 19, 2024
LocalAI path traversal vulnerability
High
CVE-2024-5182
was published
for
github.com/go-skynet/LocalAI
(Go)
Jun 20, 2024
Vulnerabilities with the k8sGPT
High
GHSA-85rg-8m6h-825p
was published
for
github.com/k8sgpt-ai/k8sgpt
(Go)
Jun 13, 2024
Path traversal in github.com/valyala/fasthttp
High
CVE-2022-21221
was published
for
github.com/valyala/fasthttp
(Go)
Mar 18, 2022
ahh vulnerable to Path Traversal
High
CVE-2020-36559
was published
for
aahframe.work
(Go)
Dec 28, 2022
Stakater Forecastle has a directory traversal vulnerability
High
CVE-2023-40297
was published
for
github.com/stakater/Forecastle
(Go)
May 15, 2024
github.com/u-root/u-root/pkg/cpio Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2020-7666
was published
for
github.com/u-root/u-root/pkg/cpio
(Go)
Apr 24, 2024
Container escape at build time
High
GHSA-pmf3-c36m-g5cf
was published
for
github.com/containers/buildah
(Go)
Mar 19, 2024
gin-vue-admin background arbitrary code coverage vulnerability
High
CVE-2024-31457
was published
for
github.com/flipped-aurora/gin-vue-admin/server
(Go)
Apr 9, 2024
Grafana path traversal
High
CVE-2021-43798
was published
for
github.com/grafana/grafana
(Go)
Feb 1, 2024
Arbitrary filepath traversal via URI injection
High
CVE-2021-3907
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Mattermost Injection vulnerability
High
CVE-2023-6458
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Dec 6, 2023
1Panel O&M management panel has a background arbitrary file reading vulnerability
High
CVE-2023-39964
was published
for
github.com/1Panel-dev/1Panel
(Go)
Aug 10, 2023
Arduino Create Agent path traversal - local privilege escalation vulnerability
High
CVE-2023-43802
was published
for
github.com/arduino/arduino-create-agent
(Go)
Oct 18, 2023
mrpack-install vulnerable to path traversal with dependency
High
CVE-2023-25307
was published
for
github.com/nothub/mrpack-install
(Go)
Feb 8, 2023
Nuclei Path Traversal vulnerability
High
CVE-2023-37896
was published
for
github.com/projectdiscovery/nuclei
(Go)
Aug 4, 2023
Artifact Hub arbitrary file read vulnerability
High
CVE-2023-45823
was published
for
github.com/artifacthub/hub
(Go)
Oct 19, 2023
github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2020-7669
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
containernetworking/cni improper limitation of path name
High
CVE-2021-20206
was published
for
github.com/containernetworking/cni
(Go)
Feb 15, 2022
ProTip!
Advisories are also available from the
GraphQL API