GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
935 advisories
Filter by severity
NULL Pointer Dereference in Kubernetes CSI snapshot-controller
Moderate
CVE-2020-8569
was published
for
github.com/kubernetes-csi/external-snapshotter/v2
(Go)
Feb 15, 2022
Import of incorrectly embargoed keys could cause early publication
Moderate
GHSA-3wxm-m9m4-cprj
was published
for
github.com/google/exposure-notifications-server
(Go)
May 21, 2021
Control character injection in console output in github.com/ipfs/go-ipfs
Moderate
CVE-2020-26283
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
On Windows, `git-sizer` might run a `git` executable within the repository being analyzed
Moderate
GHSA-57q7-rxqq-7vgp
was published
for
github.com/github/git-sizer
(Go)
Feb 15, 2022
Attack on Kubernetes via Misconfigured Argo Workflows
Moderate
GHSA-rc7p-gmvh-xfx2
was published
for
github.com/argoproj/argo-workflows
(Go)
Aug 2, 2021
Information Exposure in RunC
Moderate
CVE-2016-9962
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Cross-site Scripting in Gogs
Moderate
CVE-2014-8683
was published
for
gogs.io/gogs
(Go)
Jun 29, 2021
Access Restriction Bypass in Docker
Moderate
CVE-2014-6408
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Denial of Service in docker2aci
Moderate
CVE-2016-8579
was published
for
github.com/appc/docker2aci
(Go)
Feb 15, 2022
Directory Traversal in Docker
Moderate
CVE-2014-9358
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Insecure Permissions in Gogs
Moderate
CVE-2020-14958
was published
for
gogs.io/gogs
(Go)
May 18, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
Moderate
GHSA-jq42-hfch-42f3
was published
for
github.com/hpcng/singularity
(Go)
Jun 1, 2021
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements
Moderate
CVE-2020-11091
was published
for
github.com/weaveworks/weave
(Go)
May 27, 2021
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Moderate
CVE-2020-5233
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
Argo Server TLS requests could be forged by attacker with network access
Moderate
GHSA-6c73-2v8x-qpvm
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Aug 23, 2021
Improper input validation in umoci
Moderate
CVE-2021-29136
was published
for
github.com/opencontainers/umoci
(Go)
Feb 15, 2022
Symlink Attack in Libcontainer and Docker Engine
Moderate
CVE-2015-3627
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Helm OCI credentials leaked into Argo CD logs
Moderate
GHSA-6w87-g839-9wv7
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2021
"catalog's registry v2 api exposed on unauthenticated path in Harbor"
Moderate
CVE-2020-29662
was published
for
github.com/goharbor/harbor
(Go)
Feb 12, 2022
Open Redirect in OAuth2 Proxy
Moderate
CVE-2020-4037
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network
Moderate
GHSA-6rg3-8h8x-5xfv
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
User object created with invalid provider data in GoTrue
Moderate
GHSA-wpfr-6297-9v57
was published
for
github.com/netlify/gotrue
(Go)
Feb 9, 2022
Multiple security issues in Pomerium's embedded envoy
Moderate
GHSA-j34v-3552-5r7j
was published
for
github.com/pomerium/pomerium
(Go)
Mar 1, 2022
ProTip!
Advisories are also available from the
GraphQL API