GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
24,360 advisories
Unzip vulnerable to path traversal (Critical, CVE-2020-36561) was published for github.com/yi-ge/unzip (Go) on Dec 28, 2022
AWS S3 Crypto SDK sends an unencrypted hash of the plaintext alongside the ciphertext as a metadata field (Moderate, CVE-2022-2582) was published for github.com/aws/aws-sdk-go (Go) on Dec 28, 2022
GoBase Race Condition vulnerability (Low, CVE-2022-2583) was published for github.com/ntbosscher/gobase (Go) on Dec 28, 2022
Goa vulnerable to path traversal (High, CVE-2019-25073) was published for github.com/goadesign/goa (Go) on Dec 28, 2022
Cloud Foundry Archiver vulnerable to path traversal (Critical, CVE-2018-25046) was published for code.cloudfoundry.org/archiver (Go) on Dec 28, 2022
socks Infinite Loop vulnerability (High, CVE-2013-10005) was published for github.com/btcsuite/go-socks (Go) on Dec 28, 2022
go-unzip vulnerable to Path Traversal (Critical, CVE-2020-36560) was published for github.com/artdarek/go-unzip (Go) on Dec 28, 2022
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected (Critical, CVE-2021-4238) was published for github.com/Masterminds/goutils (Go) on Dec 28, 2022
revel is vulnerable to resource exhaustion (Moderate, CVE-2020-36568) was published for github.com/revel/revel (Go) on Dec 28, 2022
robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison (High, CVE-2015-10004) was published for github.com/robbert229/jwt (Go) on Dec 28, 2022
ahh vulnerable to Path Traversal (High, CVE-2020-36559) was published for aahframe.work (Go) on Dec 28, 2022
go-codec-dagpb vulnerable to panic when decoding invalid blocks (High, CVE-2022-2584) was published for github.com/ipld/go-codec-dagpb (Go) on Dec 28, 2022
YAML Go package vulnerable to denial of service (Moderate, CVE-2021-4235) was published for github.com/go-yaml/yaml (Go) on Dec 28, 2022
LZ4 vulnerable to Out-of-bounds Write (Critical, CVE-2014-125026) was published for github.com/cloudflare/golz4 (Go) on Dec 28, 2022
Golf may allow attacker to bypass CSRF protections due to weak PRNG (High, CVE-2016-15005) was published for github.com/dinever/golf (Go) on Dec 28, 2022
Tendermint Client package vulnerable to Uncontrolled Resource Consumption (High, CVE-2019-25072) was published for github.com/tendermint/tendermint (Go) on Dec 28, 2022
Noise vulnerable to denial of service (High, CVE-2021-4239) was published for github.com/flynn/noise (Go) on Dec 28, 2022
golang-nanoauth authentication bypass vulnerability (Critical, CVE-2020-36569) was published for github.com/nanobox-io/golang-nanoauth (Go) on Dec 28, 2022
gorilla/handlers may allow requester to bypass expected behavior of the Same Origin Policy (Critical, CVE-2017-20146) was published for github.com/gorilla/handlers (Go) on Dec 28, 2022
nosurf vulnerable to improper input validation (High, CVE-2020-36564) was published for github.com/justinas/nosurf (Go) on Dec 28, 2022
ecnepsnai/web vulnerable to Uncontrolled Resource Consumption (Critical, CVE-2021-4236) was published for github.com/ecnepsnai/web (Go) on Dec 28, 2022
yaml package for Go can consume excessive amounts of CPU or memory (High, CVE-2022-3064) was published for gopkg.in/yaml.v2 (Go) on Dec 28, 2022
nsupdate.info has Sensitive Cookie Without 'HttpOnly' Flag (Moderate, CVE-2019-25091) was published for nsupdate (pip) on Dec 28, 2022
Widoco Path Traversal vulnerability (High, CVE-2022-4772) was published for com.github.dgarijo:Widoco (Maven) on Dec 28, 2022
Gin's default logger allows unsanitized input that can allow remote attackers to inject arbitrary log lines (High, CVE-2020-36567) was published for github.com/gin-gonic/gin (Go) on Dec 27, 2022
ProTip! Advisories are also available from the GraphQL API.