GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
29,215 advisories
Grav Vulnerable to Arbitrary File Read to Account Takeover (High): CVE-2024-34082 was published for getgrav/grav (Composer), May 15, 2024
Amazon JDBC Driver for Redshift SQL Injection via line comment generation (Critical): CVE-2024-32888 was published for com.amazon.redshift:redshift-jdbc42 (Maven), May 15, 2024
source-controller leaks Azure Storage SAS token into logs (Moderate): CVE-2024-31216 was published for github.com/fluxcd/source-controller (Go), May 15, 2024
azure-file-csi-driver leaks service account tokens in the logs (Moderate): CVE-2024-3744 was published for sigs.k8s.io/azurefile-csi-driver (Go), May 15, 2024
sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address (Moderate): CVE-2024-35175 was published for github.com/tg123/sshpiper (Go), May 14, 2024
Duplicate Advisory: Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 (Low): GHSA-r3w4-36x6-7r99 was published for nokogiri (RubyGems), May 14, 2024 (withdrawn)
Grafana folders admin only permission privilege escalation (High): CVE-2022-36062 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins (High): CVE-2022-39201 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana when using email as a username can block other users from signing in (Moderate): CVE-2022-39229 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana Email addresses and usernames can not be trusted (High): CVE-2022-39306 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana User enumeration via forget password (High): CVE-2022-39307 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana Spoofing originalUrl of snapshots (Moderate): CVE-2022-39324 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana Race condition allowing privilege escalation (Critical): CVE-2022-39328 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana Escalation from admin to server admin when auth proxy is used (High): CVE-2022-35957 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins (Moderate): CVE-2022-31130 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana Plugin signature bypass (High): CVE-2022-31123 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana account takeover via OAuth vulnerability (High): CVE-2022-31107 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana API IDOR (Moderate): CVE-2022-21713 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana Stored Cross-site Scripting in Unified Alerting (Moderate): CVE-2022-31097 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana proxy Cross-site Scripting (Moderate): CVE-2022-21702 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources (Low): CVE-2022-21673 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana directory traversal for .cvs files (Moderate): CVE-2021-43815 was published for github.com/grafana/grafana (Go), May 14, 2024
Grafana Fine-grained access control vulnerability (Critical): CVE-2021-41244 was published for github.com/grafana/grafana (Go), May 14, 2024
containerd started with non-empty inheritable Linux process capabilities (Low): GHSA-c9cp-9c75-9v8c was published for github.com/containerd/containerd (Go), May 14, 2024
NATS server TLS missing ciphersuite settings when CLI flags used (Low): CVE-2021-32026 was published for github.com/nats-io/nats-server/v2 (Go), May 14, 2024
ProTip! Advisories are also available from the GraphQL API.