GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

3 advisories

`auth.TokenForHost` violates GitHub host security boundary when sourcing authentication token within a codespace
Severity: Moderate
CVE-2024-53859 was published for github.com/cli/go-gh (Go) on Nov 27, 2024
Credited to BagToad, williammartin, andyfeller, jtmcg, and Ry0taK

Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts
Severity: Moderate
CVE-2024-53858 was published for github.com/cli/cli/v2 (Go) on Nov 27, 2024
Credited to BagToad, andyfeller, williammartin, jtmcg, and Ry0taK

Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability
Severity: Moderate
CVE-2024-54132 was published for github.com/cli/cli (Go) on Dec 4, 2024
Credited to andyfeller, jtmcg, williammartin, BagToad, and parablack