GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
140 advisories
Filter by severity
Information Disclosure in go.elastic.co/apm
Low
CVE-2021-22133
was published
for
go.elastic.co/apm
(Go)
May 18, 2021
Local directory executable lookup in sops (Windows-only)
Low
GHSA-x5c7-x7m2-rhmf
was published
for
go.mozilla.org/sops/v3
(Go)
May 20, 2021
Network policy may be bypassed by some ICMP Echo Requests
Low
GHSA-c66w-hq56-4q97
was published
for
github.com/cilium/cilium
(Go)
May 21, 2021
Import loops in account imports, nats-server DoS
Low
GHSA-gwj5-3vfq-q992
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
Crash due to malformed relay protocol message
Low
CVE-2021-21404
was published
for
github.com/syncthing/syncthing
(Go)
May 21, 2021
A failed upgrade may lead to hung goroutines
Low
GHSA-gmq2-39ff-f5qg
was published
for
github.com/cloudflare/tableflip
(Go)
May 21, 2021
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
Low
GHSA-xg2h-wx96-xgxr
was published
for
github.com/Masterminds/goutils
(Go)
May 21, 2021
Aliases are never checked in helm
Low
CVE-2020-15184
was published
for
helm.sh/helm
(Go)
May 24, 2021
Repository index file allows for duplicates of the same chart entry in helm
Low
CVE-2020-15185
was published
for
helm.sh/helm
(Go)
May 24, 2021
Improper Sanitizing of plugin names in helm
Low
CVE-2020-15186
was published
for
helm.sh/helm
(Go)
May 24, 2021
plugin.yaml file allows for duplicate entries in helm
Low
CVE-2020-15187
was published
for
helm.sh/helm
(Go)
May 24, 2021
accounts: Hash account number using Salt
Low
GHSA-g636-q5fc-4pr7
was published
for
github.com/moov-io/customers
(Go)
May 24, 2021
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy
Low
CVE-2021-21291
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
May 25, 2021
Denial of service in Tendermint
Low
CVE-2020-5303
was published
for
github.com/tendermint/tendermint
(Go)
May 27, 2021
Plugin archive directory traversal in Helm
Low
CVE-2020-4053
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client`
Low
GHSA-prqf-xr2j-xf65
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Aug 23, 2021
Confused Deputy in Kubernetes
Low
CVE-2021-25740
was published
for
k8s.io/kubernetes
(Go)
Sep 21, 2021
MD5 hash support in github.com/foxcpp/maddy
Low
GHSA-qh54-9vc5-m9fg
was published
for
github.com/foxcpp/maddy
(Go)
Oct 12, 2021
Hashicorp Vault Privilege Escalation Vulnerability
Low
CVE-2021-41802
was published
for
github.com/hashicorp/vault
(Go)
Oct 12, 2021
Clarify `mediaType` handling
Low
GHSA-77vh-xpmg-72qh
was published
for
github.com/opencontainers/image-spec
(Go)
Nov 18, 2021
Ambiguous OCI manifest parsing
Low
GHSA-5j5w-g665-5m35
was published
for
github.com/containerd/containerd
(Go)
Nov 18, 2021
Clarify Content-Type handling
Low
CVE-2021-41190
was published
for
github.com/opencontainers/distribution-spec
(Go)
Nov 18, 2021
devices resource list treated as a blacklist by default
Low
GHSA-g54h-m393-cpwq
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
kubectl ANSI escape characters not filtered
Low
CVE-2021-25743
was published
for
k8s.io/kubernetes
(Go)
Jan 8, 2022
Potential proxy IP restriction bypass in Kubernetes
Low
CVE-2020-8562
was published
for
k8s.io/kubernetes
(Go)
Feb 2, 2022
ProTip!
Advisories are also available from the
GraphQL API