Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

49 advisories

Loading
Improper Input Validation in HashiCorp Consul Moderate
CVE-2020-13170 was published for github.com/hashicorp/consul (Go) May 18, 2021
Redirect URL matching ignores character casing Moderate
CVE-2020-15234 was published for github.com/ory/fosite (Go) May 24, 2021
mitar
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses Moderate
CVE-2020-15233 was published for github.com/ory/fosite (Go) May 24, 2021
mitar aeneasr
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
GHSA-jq42-hfch-42f3 was published for github.com/hpcng/singularity (Go) Jun 1, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
CVE-2021-32635 was published for github.com/sylabs/singularity (Go) Jun 1, 2021
EmmEff
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON Moderate
CVE-2021-20329 was published for go.mongodb.org/mongo-driver (Go) Jun 15, 2021
Improper input validation in CNCF Cortex Moderate
CVE-2021-31232 was published for github.com/cortexproject/cortex (Go) Jun 23, 2021
Workflow re-write vulnerability using input parameter Moderate
CVE-2021-37914 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 9, 2021
Email relay in Apache Traffic Control Moderate
CVE-2021-42009 was published for github.com/apache/trafficcontrol (Go) Oct 13, 2021
Geth Node Vulnerable to DoS via maliciously crafted p2p message Moderate
CVE-2021-41173 was published for github.com/ethereum/go-ethereum (Go) Oct 25, 2021
rjl493456442 holiman
Misconfigured IP address field in ROA leads to OctoRPKI crash Moderate
CVE-2021-3911 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Denial of Service in OpenShift Origin Moderate
CVE-2015-5250 was published for github.com/openshift/origin (Go) Dec 20, 2021
Go-Attestation Improper Input Validation with attacker-controlled TPM Quote Moderate
CVE-2022-0317 was published for github.com/google/go-attestation (Go) Feb 1, 2022
vonhollen
Command injection in gh-ost Moderate
CVE-2022-21687 was published for github.com/github/gh-ost (Go) Feb 1, 2022
dwisiswant0
Improper input validation in umoci Moderate
CVE-2021-29136 was published for github.com/opencontainers/umoci (Go) Feb 15, 2022
DNS Rebinding in etcd Moderate
CVE-2018-1099 was published for go.etcd.io/etcd (Go) Feb 15, 2022
Directory traversal in Kubernetes Secrets Store CSI Driver Moderate
CVE-2020-8568 was published for sigs.k8s.io/secrets-store-csi-driver (Go) Feb 15, 2022
Improper Input Validation in Docker Engine Moderate
CVE-2020-13401 was published for github.com/docker/docker-ce (Go) Feb 15, 2022
Kubernetes arbitrary file overwrite Moderate
CVE-2018-1002100 was published for k8s.io/kubernetes (Go) May 13, 2022
Login screen allows message spoofing if SSO is enabled Moderate
CVE-2022-24905 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access Moderate
CVE-2019-11255 was published for github.com/kubernetes-csi/external-provisioner (Go) May 24, 2022
Kubernetes ingress exposes sensitive information Moderate
CVE-2018-1002104 was published for k8s.io/ingress-nginx (Go) May 24, 2022
Calico vulnerable to pod route hijacking Moderate
CVE-2022-28224 was published for github.com/projectcalico/calico (Go) Jun 7, 2022
joshbressers
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server Moderate
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz DavidKorczynski
etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic Moderate
CVE-2020-15112 was published for go.etcd.io/etcd/v3 (Go) Oct 6, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database