GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,940 advisories
Filter by severity
Vault Community Edition privilege escalation vulnerability
High
CVE-2024-9180
was published
for
github.com/hashicorp/vault
(Go)
Oct 10, 2024
Permissive Regular Expression in tacquito
High
GHSA-p5wf-cmr4-xrwr
was published
for
github.com/facebookincubator/tacquito
(Go)
Oct 18, 2024
VM images built with Image Builder with some providers use default credentials during builds in github.com/kubernetes-sigs/image-builder
Moderate
CVE-2024-9594
was published
for
github.com/kubernetes-sigs/image-builder
(Go)
Oct 15, 2024
VM images built with Image Builder and Proxmox provider use default credentials in github.com/kubernetes-sigs/image-builder
Critical
CVE-2024-9486
was published
for
github.com/kubernetes-sigs/image-builder
(Go)
Oct 15, 2024
btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality
High
CVE-2024-38365
was published
for
github.com/btcsuite/btcd
(Go)
Oct 10, 2024
github.com/containers/image allows unexpected authenticated registry accesses
High
CVE-2024-3727
was published
for
github.com/containers/image
(Go)
May 14, 2024
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider
High
CVE-2023-22650
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Rancher agents can be hijacked by taking over the Rancher Server URL
High
CVE-2024-22030
was published
for
github.com/rancher/rancher
(Go)
Sep 26, 2024
rke's credentials are stored in the RKE1 Cluster state ConfigMap
Critical
CVE-2023-32191
was published
for
github.com/rancher/rke
(Go)
Jun 17, 2024
Rancher's External RoleTemplates can lead to privilege escalation
High
CVE-2023-32196
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec
High
CVE-2024-22032
was published
for
github.com/rancher/rancher
(Go)
Jun 17, 2024
Rancher API Server Cross-site Scripting Vulnerability
High
CVE-2023-32192
was published
for
github.com/rancher/apiserver
(Go)
Feb 8, 2024
Norman API Cross-site Scripting Vulnerability
High
CVE-2023-32193
was published
for
github.com/rancher/norman
(Go)
Feb 8, 2024
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core'
High
CVE-2023-32194
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
JWT token compromise can allow malicious actions including Remote Code Execution (RCE)
Critical
CVE-2023-32188
was published
for
github.com/neuvector/neuvector
(Go)
Oct 6, 2023
Rancher 'Audit Log' leaks sensitive information
High
CVE-2023-22649
was published
for
github.com/rancher/rancher
(Go)
Feb 8, 2024
Podman vulnerable to memory-based denial of service
High
CVE-2024-3056
was published
for
github.com/containers/podman
(Go)
Aug 2, 2024
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting
Moderate
CVE-2023-52430
was published
for
github.com/greenpau/caddy-security
(Go)
Feb 13, 2024
Infinite loop in github.com/gomarkdown/markdown
Moderate
CVE-2024-44337
was published
for
github.com/gomarkdown/markdown
(Go)
Oct 15, 2024
Openshift Console insufficient entropy vulnerability
High
CVE-2024-6508
was published
for
github.com/openshift/console
(Go)
Aug 21, 2024
Link Following in github.com/containers/common
Moderate
CVE-2024-9341
was published
for
github.com/containers/common
(Go)
Oct 1, 2024
Evmos allows unvested token delegations
Moderate
CVE-2024-37154
was published
for
github.com/evmos/evmos/v10
(Go)
Jun 6, 2024
SpiceDB calls to LookupResources using LookupResources2 with caveats may return context is missing when it is not
Low
CVE-2024-48909
was published
for
github.com/authzed/spicedb
(Go)
Oct 14, 2024
Go-Landlock in best-effort mode did not restrict TCP bind and connect operations correctly
Low
GHSA-vv6c-69r6-chg9
was published
for
github.com/landlock-lsm/go-landlock
(Go)
Oct 14, 2024
Nuclei Template Signature Verification Bypass
Moderate
CVE-2024-43405
was published
for
github.com/projectdiscovery/nuclei/v3
(Go)
Sep 4, 2024
ProTip!
Advisories are also available from the
GraphQL API