Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,810
Erlang
36
GitHub Actions
31
Go
2,396
Maven
5,000+
npm
4,030
NuGet
721
pip
3,820
Pub
12
RubyGems
932
Rust
988
Swift
38
Unreviewed advisories
All unreviewed
5,000+

181 advisories

Loading
HashiCorp Nomad vulnerable to Insufficient Session Expiration Low
CVE-2022-3867 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc Low
CVE-2023-25809 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
AkihiroSuda
Ambiguous OCI manifest parsing Low
GHSA-5j5w-g665-5m35 was published for github.com/containerd/containerd (Go) Nov 18, 2021
tdunlap607
etcd user credentials are stored in WAL logs in plaintext Low
GHSA-528j-9r78-wffx was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
tdunlap607
Answer vulnerable to Business Logic Errors Low
CVE-2023-1541 was published for github.com/answerdev/answer (Go) Mar 21, 2023
OCI Manifest Type Confusion Issue Low
GHSA-qq97-vm5h-rrhg was published for github.com/docker/distribution (Go) Feb 8, 2022
samuelkarp
Improper Certificate Validation in Cosign Low
CVE-2022-23649 was published for github.com/sigstore/cosign (Go) Feb 22, 2022
znewman01 dlorenc
mattmoor priyawadhwa mtrmac nsmith5
Confused Deputy in Kubernetes Low
CVE-2021-25740 was published for k8s.io/kubernetes (Go) Sep 21, 2021
Clarify Content-Type handling Low
CVE-2021-41190 was published for github.com/opencontainers/distribution-spec (Go) Nov 18, 2021
jonjohnsonjr
Crash due to malformed relay protocol message Low
CVE-2021-21404 was published for github.com/syncthing/syncthing (Go) May 21, 2021
Hashicorp Vault Privilege Escalation Vulnerability Low
CVE-2021-41802 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
GoBase Race Condition vulnerability Low
CVE-2022-2583 was published for github.com/ntbosscher/gobase (Go) Dec 28, 2022
Traefik may display authorization header in the debug logs Low
CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF Low
CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022
emilytrau JJJollyjim
etcd vulnerable to TOCTOU of gateway endpoint authentication Low
GHSA-h8g9-6gvh-5mrc was published for go.etcd.io/etcd/v3 (Go) Oct 6, 2022
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery Low
GHSA-9gp7-6833-wv89 was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
personnummer/go vulnerable to Improper Input Validation Low
GHSA-hv53-vf5m-8q94 was published for github.com/personnummer/go (Go) Feb 11, 2022
Cilium host policy bypass in endpoint-routes mode with dual-stack Low
GHSA-wc5v-r48v-g4vh was published for github.com/cilium/cilium (Go) Jul 15, 2022
pchaigno
Cross site scripting via cookies in gogs Low
GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) Jun 2, 2022
Clarify `mediaType` handling Low
GHSA-77vh-xpmg-72qh was published for github.com/opencontainers/image-spec (Go) Nov 18, 2021
Network policy may be bypassed by some ICMP Echo Requests Low
GHSA-c66w-hq56-4q97 was published for github.com/cilium/cilium (Go) May 21, 2021
brb kkourt
Local directory executable lookup in sops (Windows-only) Low
GHSA-x5c7-x7m2-rhmf was published for go.mozilla.org/sops/v3 (Go) May 20, 2021
Ry0taK
devices resource list treated as a blacklist by default Low
GHSA-g54h-m393-cpwq was published for github.com/opencontainers/runc (Go) Dec 20, 2021
cyphar
MD5 hash support in github.com/foxcpp/maddy Low
GHSA-qh54-9vc5-m9fg was published for github.com/foxcpp/maddy (Go) Oct 12, 2021
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database