Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,458
Erlang
29
GitHub Actions
16
Go
1,691
Maven
4,934
npm
3,466
NuGet
601
pip
2,971
Pub
10
RubyGems
825
Rust
767
Swift
34
Unreviewed advisories
All unreviewed
5,000+

18,583 advisories

sshpiper's enabling of proxy protocol without proper feature flagging allows faking source address Moderate
CVE-2024-35175 was published for github.com/tg123/sshpiper (Go) May 14, 2024
pgibson1-godaddy mtrop-godaddy
Nokogiri updates packaged libxml2 to v2.12.7 to resolve CVE-2024-34459 Low
GHSA-r3w4-36x6-7r99 was published for nokogiri (RubyGems) May 14, 2024
Grafana folders admin only permission privilege escalation High
CVE-2022-36062 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins Moderate
CVE-2022-39201 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana when using email as a username can block other users from signing in Moderate
CVE-2022-39229 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Email addresses and usernames can not be trusted Moderate
CVE-2022-39306 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana User enumeration via forget password Moderate
CVE-2022-39307 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Spoofing originalUrl of snapshots Moderate
CVE-2022-39324 was published for github.com/grafana/grafana (pip) May 14, 2024
Grafana Race condition allowing privilege escalation Critical
CVE-2022-39328 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Escalation from admin to server admin when auth proxy is used Moderate
CVE-2022-35957 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Data source and plugin proxy endpoints leaking authentication tokens to some destination plugins Moderate
CVE-2022-31130 was published for github.com/grafana/grafana (Go) May 14, 2024
joaxcar
Grafana Plugin signature bypass Moderate
CVE-2022-31123 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana account takeover via OAuth vulnerability High
CVE-2022-31107 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana API IDOR Moderate
CVE-2022-21713 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Stored Cross-site Scripting in Unified Alerting High
CVE-2022-31097 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana proxy Cross-site Scripting Moderate
CVE-2022-21702 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Forward OAuth Identity Token can allow users to access some data sources Low
CVE-2022-21673 was published for github.com/grafana/grafana (Go) May 14, 2024
mxalis
Grafana directory traversal for .cvs files Moderate
CVE-2021-43815 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Fine-grained access control vulnerability Critical
CVE-2021-41244 was published for github.com/grafana/grafana (Go) May 14, 2024
containerd started with non-empty inheritable Linux process capabilities Low
GHSA-c9cp-9c75-9v8c was published for github.com/containerd/containerd (Go) May 14, 2024
NATS server TLS missing ciphersuite settings when CLI flags used Low
CVE-2021-32026 was published for https://pkg.go.dev/github.com/nats-io/nats-server/v2 (Go) May 14, 2024
dotmesh arbitrary file read and/or write High
CVE-2020-26312 was published for github.com/dotmesh-io/dotmesh (Go) May 14, 2024
Reportico Web fails to invalidate cookies upon logout Moderate
CVE-2024-31556 was published for reportico-web/reportico (Composer) May 14, 2024
Microsoft Security Advisory CVE-2024-30046 | .NET Denial of Service Vulnerability Moderate
CVE-2024-30046 was published for Microsoft.AspNetCore.App.Runtime.linux-arm (NuGet) May 14, 2024
Microsoft Security Advisory CVE-2024-30045 | .NET Remote code Execution Vulnerability Moderate
CVE-2024-30045 was published for Microsoft.NetCore.App.Runtime.linux-arm (NuGet) May 14, 2024
ProTip! Advisories are also available from the GraphQL API