Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+

137 advisories

Loading
Cross site scripting via cookies in gogs Low
GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) Jun 2, 2022
Kubernetes Secrets Store CSI Driver plugins arbitrary file write Low
CVE-2020-8567 was published for github.com/Azure/secrets-store-csi-driver-provider-azure (Go) May 24, 2022
Caddy allows enumeration of Certificates and Hostnames Low
CVE-2018-19148 was published for github.com/caddyserver/caddy (Go) May 14, 2022
Kubernetes in OpenShift3 Access Control Misconfiguration Low
CVE-2015-7561 was published for k8s.io/kubernetes (Go) May 13, 2022
Exposure of SSH credentials in Rancher/Fleet Low
GHSA-wm2r-rp98-8pmh was published for github.com/rancher/rancher (Go) Apr 27, 2022
Improper Certificate Validation in Cosign Low
CVE-2022-23649 was published for github.com/sigstore/cosign (Go) Feb 22, 2022
znewman01 dlorenc
mattmoor priyawadhwa mtrmac nsmith5
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki Low
GHSA-8459-6rc9-8vf8 was published for github.com/cloudflare/cfrpki (Go) Feb 14, 2022
gobase subject to Incorrect routing of some HTTP requests when using httpauth due to a race condition Low
GHSA-h2x7-2ff6-v32p was published for github.com/ntbosscher/gobase (Go) Feb 11, 2022
personnummer/go vulnerable to Improper Input Validation Low
GHSA-hv53-vf5m-8q94 was published for github.com/personnummer/go (Go) Feb 11, 2022
In-band key negotiation issue in AWS S3 Crypto SDK for golang Low
CVE-2020-8912 was published for github.com/aws/aws-sdk-go (Go) Feb 11, 2022
sophieschmieg
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
OCI Manifest Type Confusion Issue Low
GHSA-qq97-vm5h-rrhg was published for github.com/docker/distribution (Go) Feb 8, 2022
samuelkarp
Potential proxy IP restriction bypass in Kubernetes Low
CVE-2020-8562 was published for k8s.io/kubernetes (Go) Feb 2, 2022
enj
kubectl ANSI escape characters not filtered Low
CVE-2021-25743 was published for k8s.io/kubernetes (Go) Jan 8, 2022
dgl
devices resource list treated as a blacklist by default Low
GHSA-g54h-m393-cpwq was published for github.com/opencontainers/runc (Go) Dec 20, 2021
cyphar
Clarify Content-Type handling Low
CVE-2021-41190 was published for github.com/opencontainers/distribution-spec (Go) Nov 18, 2021
jonjohnsonjr
Ambiguous OCI manifest parsing Low
GHSA-5j5w-g665-5m35 was published for github.com/containerd/containerd (Go) Nov 18, 2021
tdunlap607
Clarify `mediaType` handling Low
GHSA-77vh-xpmg-72qh was published for github.com/opencontainers/image-spec (Go) Nov 18, 2021
Hashicorp Vault Privilege Escalation Vulnerability Low
CVE-2021-41802 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
MD5 hash support in github.com/foxcpp/maddy Low
GHSA-qh54-9vc5-m9fg was published for github.com/foxcpp/maddy (Go) Oct 12, 2021
Confused Deputy in Kubernetes Low
CVE-2021-25740 was published for k8s.io/kubernetes (Go) Sep 21, 2021
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client` Low
GHSA-prqf-xr2j-xf65 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
Plugin archive directory traversal in Helm Low
CVE-2020-4053 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
snoopysecurity
Denial of service in Tendermint Low
CVE-2020-5303 was published for github.com/tendermint/tendermint (Go) May 27, 2021
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy Low
CVE-2021-21291 was published for github.com/oauth2-proxy/oauth2-proxy (Go) May 25, 2021
semoac
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database