GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

180 advisories
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling Low
CVE-2023-34242 was published for github.com/cilium/cilium (Go) Jun 16, 2023
meyskens bayandin
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki Low
GHSA-8459-6rc9-8vf8 was published for github.com/cloudflare/cfrpki (Go) Feb 14, 2022
Denial of service from large image Low
CVE-2023-37900 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
Mattermost Incorrect Authorization vulnerability Low
CVE-2023-5193 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Mattermost Incorrect Authorization vulnerability Low
CVE-2023-5159 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Artifact Hub allows unsafe rego built-in Low
CVE-2023-45822 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource Low
CVE-2023-3485 was published for go.temporal.io/server (Go) Jun 30, 2023
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints Low
CVE-2023-30844 was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file Low
CVE-2023-32684 was published for github.com/lima-vm/lima (Go) May 31, 2023
kubectl ANSI escape characters not filtered Low
CVE-2021-25743 was published for k8s.io/kubernetes (Go) Jan 8, 2022
dgl
Improper Sanitizing of plugin names in helm Low
CVE-2020-15186 was published for helm.sh/helm (Go) May 24, 2021
Panic due to malformed WALs in go.etcd.io/etcd Low
CVE-2020-15106 was published for go.etcd.io/etcd (Go) Feb 7, 2023
Repository index file allows for duplicates of the same chart entry in helm Low
CVE-2020-15185 was published for helm.sh/helm (Go) May 24, 2021
Denial of service in Tendermint Low
CVE-2020-5303 was published for github.com/tendermint/tendermint (Go) May 27, 2021
Aliases are never checked in helm Low
CVE-2020-15184 was published for helm.sh/helm (Go) May 24, 2021
gobase subject to Incorrect routing of some HTTP requests when using httpauth due to a race condition Low
GHSA-h2x7-2ff6-v32p was published for github.com/ntbosscher/gobase (Go) Feb 11, 2022
Information Disclosure in go.elastic.co/apm Low
CVE-2021-22133 was published for go.elastic.co/apm (Go) May 18, 2021
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata Low
GHSA-3633-5h82-39pq was published for github.com/theupdateframework/go-tuf (Go) Sep 16, 2022
cedricvanrompay-datadog
github.com/cosmos/cosmos-sdk's x/crisis does not charge ConstantFee Low
GHSA-w5w5-2882-47pc was published for github.com/cosmos/cosmos-sdk (Go) Jun 30, 2023
ahook
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability Low
GHSA-7c94-gvvj-r3mg was published for github.com/cheqd/cheqd-node (Go) Jun 5, 2023
Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt Low
GHSA-qfc5-6r3j-jj22 was published for github.com/cosmos/cosmos-sdk (Go) Jun 2, 2023
Under-validated ComSpec and cmd.exe resolution in Mutagen projects Low
GHSA-fwj4-72fm-c93g was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
Hop-by-hop abuse to malform header mutator Low
GHSA-w9mr-28mw-j8hg was published for github.com/ory/oathkeeper (Go) Apr 26, 2023
viters
Argo CD SSO users vulnerable to Cross-site Scripting Low
CVE-2022-31102 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
AdamKorcz DavidKorczynski
tdunlap607
HashiCorp Nomad vulnerable to Insufficient Session Expiration Low
CVE-2022-3867 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607