GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
19 advisories
Filter by severity
Path Traversal in Docker
Moderate
CVE-2014-9356
was published
for
github.com/docker/docker
(Go)
May 18, 2021
Information Exposure in Docker Engine
High
CVE-2015-3630
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Arbitrary File Override in Docker Engine
Moderate
CVE-2015-3631
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Moby Docker cp broken with debian containers
Critical
CVE-2019-14271
was published
for
github.com/docker/docker
(Go)
May 24, 2022
Poetry Argument Injection can lead to Local Code Execution
High
CVE-2022-36069
was published
for
poetry
(pip)
Sep 16, 2022
Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
Moderate
CVE-2022-36109
was published
for
github.com/docker/docker
(Go)
Sep 16, 2022
cleo is vulnerable to Regular Expression Denial of Service (ReDoS)
Moderate
CVE-2022-42966
was published
for
cleo
(pip)
Nov 10, 2022
Container build can leak any path on the host into the container
Low
GHSA-vp35-85q5-9f25
was published
for
github.com/docker/docker
(Go)
Nov 11, 2022
Docker Swarm encrypted overlay network with a single endpoint is unauthenticated
Moderate
CVE-2023-28842
was published
for
github.com/docker/docker
(Go)
Apr 4, 2023
Docker Swarm encrypted overlay network traffic may be unencrypted
Moderate
CVE-2023-28841
was published
for
github.com/docker/docker
(Go)
Apr 4, 2023
Docker Swarm encrypted overlay network may be unauthenticated
High
CVE-2023-28840
was published
for
github.com/docker/docker
(Go)
Apr 4, 2023
/sys/devices/virtual/powercap accessible by default to containers
Moderate
GHSA-jq35-85cj-fj4p
was published
for
github.com/docker/docker
(Go)
Oct 30, 2023
containerd allows RAPL to be accessible to a container
Moderate
GHSA-7ww5-4wqc-m92c
was published
for
github.com/containerd/containerd
(Go)
Dec 19, 2023
Path Traversal in Moby builder
Moderate
CVE-2020-27534
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
moby Access to remapped root allows privilege escalation to real root
Moderate
CVE-2021-21284
was published
for
github.com/moby/moby
(Go)
Jan 31, 2024
moby docker daemon crash during image pull of malicious image
Moderate
CVE-2021-21285
was published
for
github.com/moby/moby
(Go)
Jan 31, 2024
Docker Authentication Bypass
High
CVE-2018-12608
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Moderate
CVE-2021-41091
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
Moby's external DNS requests from 'internal' networks could lead to data exfiltration
Moderate
CVE-2024-29018
was published
for
github.com/docker/docker
(Go)
Mar 20, 2024
ProTip!
Advisories are also available from the
GraphQL API