Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

705 advisories

Loading
btcd did not correctly re-implement Bitcoin Core's "FindAndDelete()" functionality High
CVE-2024-38365 was published for github.com/btcsuite/btcd (Go) Oct 10, 2024
darosior dergoegge
github.com/containers/image allows unexpected authenticated registry accesses High
CVE-2024-3727 was published for github.com/containers/image (Go) May 14, 2024
RTann
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider High
CVE-2023-22650 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Rancher agents can be hijacked by taking over the Rancher Server URL High
CVE-2024-22030 was published for github.com/rancher/rancher (Go) Sep 26, 2024
Rancher's External RoleTemplates can lead to privilege escalation High
CVE-2023-32196 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec High
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Rancher API Server Cross-site Scripting Vulnerability High
CVE-2023-32192 was published for github.com/rancher/apiserver (Go) Feb 8, 2024
diego95root kujalamathias
Norman API Cross-site Scripting Vulnerability High
CVE-2023-32193 was published for github.com/rancher/norman (Go) Feb 8, 2024
diego95root kujalamathias
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' High
CVE-2023-32194 was published for github.com/rancher/rancher (Go) Feb 8, 2024
Rancher 'Audit Log' leaks sensitive information High
CVE-2023-22649 was published for github.com/rancher/rancher (Go) Feb 8, 2024
Podman vulnerable to memory-based denial of service High
CVE-2024-3056 was published for github.com/containers/podman (Go) Aug 2, 2024
Openshift Console insufficient entropy vulnerability High
CVE-2024-6508 was published for github.com/openshift/console (Go) Aug 21, 2024
Vault Community Edition privilege escalation vulnerability High
CVE-2024-9180 was published for github.com/hashicorp/vault (Go) Oct 10, 2024
Adguard Home arbitrary file read vulnerability High
CVE-2024-36814 was published for github.com/AdguardTeam/AdGuardHome (Go) Oct 8, 2024
Incorrect delegation lookups can make go-tuf download the wrong artifact High
CVE-2024-47534 was published for github.com/theupdateframework/go-tuf/v2 (Go) Oct 1, 2024
AdamKorcz mamccorm
PAM module may allow accessing with the credentials of another user High
CVE-2024-9313 was published for github.com/ubuntu/authd (Go) Oct 3, 2024
3v1n0 didrocks
adombeck
Pomerium service account access token may grant unintended access to databroker API High
CVE-2024-47616 was published for github.com/pomerium/pomerium (Go) Oct 2, 2024
Portainer improperly uses an encryption algorithm in the AesEncrypt function High
CVE-2024-33662 was published for github.com/portainer/portainer (Go) Oct 2, 2024
Golang FIPS OpenSSL has a Use of Uninitialized Variable vulnerability High
CVE-2024-9355 was published for github.com/golang-fips/openssl (Go) Oct 1, 2024
Vault SSH Secrets Engine Configuration Did Not Restrict Valid Principals By Default High
CVE-2024-7594 was published for github.com/hashicorp/vault (Go) Sep 26, 2024
Duplicate Advisory: Juju Unprotected Alternate Channel vulnerability High
GHSA-85qf-6845-m8p2 was published for github.com/juju/juju (Go) Oct 2, 2024 withdrawn
Duplicate Advisory: Juju makes Use of Weak Credentials High
GHSA-phh4-3hmm-24rx was published for github.com/juju/juju (Go) Oct 2, 2024 withdrawn
Code injection in ansible semaphore High
CVE-2023-39059 was published for github.com/ansible-semaphore/semaphore (Go) Aug 29, 2023
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability High
CVE-2023-5077 was published for github.com/hashicorp/vault (Go) Sep 29, 2023
Memory leaks in code encrypting and verifying RSA payloads High
CVE-2024-1394 was published for github.com/golang-fips/go (Go) Mar 20, 2024
qmuntal r3kumar
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database