GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,056 advisories
Filter by severity
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor
High
CVE-2019-19025
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
SQL Injection in Cloud Native Computing Foundation Harbor
Moderate
CVE-2019-19026
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
SQL Injection in Cloud Native Computing Foundation Harbor
High
CVE-2019-19029
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
Privilege Escalation in Cloud Native Computing Foundation Harbor
Moderate
CVE-2019-19023
was published
for
github.com/goharbor/harbor
(Go)
May 18, 2021
Infinite Loop in jsonparser
High
CVE-2020-10675
was published
for
github.com/buger/jsonparser
(Go)
May 18, 2021
Improper Authentication in InfluxDB
Critical
CVE-2019-20933
was published
for
github.com/influxdata/influxdb
(Go)
May 18, 2021
Allocation of Resources Without Limits or Throttling in Hashicorp Consul
High
CVE-2020-13250
was published
for
github.com/hashicorp/consul
(Go)
May 18, 2021
Improper Input Validation in HashiCorp Consul
Moderate
CVE-2020-13170
was published
for
github.com/hashicorp/consul
(Go)
May 18, 2021
Information Disclosure in HashiCorp Vault
High
CVE-2020-13223
was published
for
github.com/hashicorp/vault
(Go)
May 18, 2021
Improper Input Validation in HashiCorp Vault
Critical
CVE-2020-12757
was published
for
github.com/hashicorp/vault-plugin-secrets-gcp
(Go)
May 18, 2021
Improper Certificate Validation in HashiCorp Nomad
High
CVE-2020-7956
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Allocation of Resources Without Limits or Throttling in HashiCorp Nomad
High
CVE-2020-7218
was published
for
github.com/hashicorp/nomad
(Go)
May 18, 2021
Denial of Service (DoS) in HashiCorp Consul
High
CVE-2020-7219
was published
for
github.com/hashicorp/consul
(Go)
May 18, 2021
Use of a Broken or Risky Cryptographic Algorithm in Terraform
High
CVE-2019-19316
was published
for
github.com/hashicorp/terraform
(Go)
May 18, 2021
Integer Overflow or Wraparound in NATS Server
High
CVE-2019-13126
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 18, 2021
Insecure Permissions in Gogs
Critical
CVE-2019-14544
was published
for
gogs.io/gogs
(Go)
May 18, 2021
Improper Input Validation in libseccomp-golang
High
CVE-2017-18367
was published
for
github.com/seccomp/libseccomp-golang
(Go)
May 18, 2021
Rancher Vulnerable to Cross-site Request Forgery (CSRF)
High
CVE-2019-13209
was published
for
github.com/rancher/rancher
(Go)
May 18, 2021
Improper Authentication in Apache Traffic Control
Critical
CVE-2019-12405
was published
for
github.com/apache/trafficcontrol
(Go)
May 18, 2021
Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information
Moderate
CVE-2019-17110
was published
for
github.com/kubernetes/kube-state-metrics
(Go)
May 18, 2021
•
withdrawn
XML Entity Expansion and Improper Input Validation in Kubernetes API server
High
CVE-2019-11253
was published
for
k8s.io/kubernetes
(Go)
May 18, 2021
Out-of-bounds read in Apache Thrift
High
CVE-2019-0210
was published
for
github.com/apache/thrift
(Go)
May 18, 2021
Path Traversal in MHolt Archiver
Moderate
CVE-2019-10743
was published
for
github.com/mholt/archiver
(Go)
May 18, 2021
Cloud Foundry Routing Improper Input Validation vulnerability
High
CVE-2019-11289
was published
for
code.cloudfoundry.org/gorouter
(Go)
May 18, 2021
Cross-site Scripting in Documize
Moderate
CVE-2019-19619
was published
for
github.com/documize/community
(Go)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API