Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,902
Maven
5,000+
npm
3,631
NuGet
638
pip
3,246
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

67 advisories

Loading
Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information Moderate
CVE-2019-17110 was published for github.com/kubernetes/kube-state-metrics (Go) May 18, 2021 withdrawn
Information Exposure in jaeger Moderate
CVE-2020-10750 was published for github.com/jaegertracing/jaeger (Go) May 18, 2021
Podman Origin Validation Error Moderate
CVE-2021-20199 was published for github.com/containers/podman/v3 (Go) May 18, 2021
JWT leak via Open Redirect in Programmatic access Moderate
CVE-2021-29651 was published for github.com/pomerium/pomerium (Go) May 21, 2021
cure53
Helm passes repository credentials to alternate domain Moderate
CVE-2021-32690 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
Duplicate Advisory: Helm passes repository credentials to alternate domain Moderate
GHSA-7jr6-prv4-5wf5 was published for helm.sh/helm/v3 (Go) Jun 23, 2021 withdrawn
Buildah processes using chroot isolation may leak environment values to intermediate processes Moderate
CVE-2021-3602 was published for github.com/containers/buildah (Go) Jul 19, 2021
bburky
Improper Certificate Handling Moderate
CVE-2020-9321 was published for github.com/traefik/traefik (Go) Sep 2, 2021
avivdolev
Instance config inline secret exposure in Grafana Moderate
CVE-2021-41090 was published for github.com/grafana/agent (Go) Dec 8, 2021
Information Exposure in RunC Moderate
CVE-2016-9962 was published for github.com/opencontainers/runc (Go) Dec 20, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman Moderate
CVE-2021-4024 was published for github.com/containers/podman/v3 (Go) Jan 6, 2022
Gitea Exposes Private Email Addresses Moderate
CVE-2018-1000803 was published for github.com/go-gitea/gitea (Go) Feb 15, 2022
Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico Moderate
CVE-2020-13597 was published for github.com/projectcalico/calico (Go) Feb 15, 2022
richardfan0606 luhring
Information Exposure in Kubernetes Moderate
CVE-2015-7528 was published for github.com/kubernetes/kubernetes (Go) Apr 12, 2022
Improper Privilege Management in Mattermost Moderate
CVE-2022-1332 was published for github.com/mattermost/mattermost-server/v5 (Go) Apr 14, 2022
kurt-r2c
Singularity Incorrect Access Control Moderate
CVE-2018-12021 was published for github.com/hpcng/singularity (Go) May 14, 2022
Duplicate advisory: Configuration exposure in github.com/coreos/ignition Moderate
GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go) May 18, 2022 withdrawn
kube-state-metrics may expose secret content in metrics Moderate
CVE-2019-10223 was published for k8s.io/kube-state-metrics (Go) May 24, 2022
Argo Exposure of Sensitive Information Moderate
CVE-2018-21034 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Grafana world readable configuration files Moderate
CVE-2020-12459 was published for github.com/grafana/grafana (Go) May 24, 2022
Ignition config accessible to unprivileged software on VMware Moderate
CVE-2022-1706 was published for github.com/coreos/ignition (Go) May 25, 2022
jonaz bgilbert
Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users Moderate
CVE-2022-31066 was published for github.com/edgexfoundry/app-functions-sdk-go/v2 (Go) Jun 17, 2022
bnevis-i
Mattermost users could access some sensitive information via API call Moderate
CVE-2022-2401 was published for github.com/mattermost/mattermost-server/v6 (Go) Jul 15, 2022
usememos/memos may leak user information to an authenticated user Moderate
CVE-2022-4734 was published for github.com/usememos/memos (Go) Dec 27, 2022
Initial debug-host handler implementation could leak information and facilitate denial of service Moderate
GHSA-x477-fq37-q5wr was published for fortio.org/proxy (Go) Jan 27, 2023
ProTip! Advisories are also available from the GraphQL API