Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,614
Maven
5,000+
npm
4,254
NuGet
760
pip
4,031
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,614 advisories

Loading
Exposure of SSH credentials in Rancher/Fleet Low
GHSA-wm2r-rp98-8pmh was published for github.com/rancher/rancher (Go) Apr 27, 2022
Potential inter-blockchain communication (IBC) protocol compromise via "Dragonberry" vulnerability in cheqd High
GHSA-j92c-mmf7-j5x5 was published for github.com/cheqd/cheqd-node (Go) Oct 18, 2022
Prometheus vulnerable to basic authentication bypass High
GHSA-4v48-4q5m-8vx4 was published for github.com/prometheus/prometheus (Go) Dec 5, 2022
chunklhit
Credited to chunklhit
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
Arbitrary Code Execution High
CVE-2014-9357 was published for github.com/docker/docker (Go) Feb 15, 2022
NULL Pointer Dereference in Kubernetes CSI snapshot-controller Moderate
CVE-2020-8569 was published for github.com/kubernetes-csi/external-snapshotter/v2 (Go) Feb 15, 2022
Improper Privilege Management in HashiCorp Nomad High
CVE-2021-3283 was published for github.com/hashicorp/nomad (Go) Jun 24, 2021
Privilege Escalation in Kubernetes Critical
CVE-2018-1002105 was published for github.com/kubernetes/kubernetes (Go) Feb 15, 2022
DNS Rebinding in etcd Moderate
CVE-2018-1099 was published for go.etcd.io/etcd (Go) Feb 15, 2022
Import of incorrectly embargoed keys could cause early publication Moderate
GHSA-3wxm-m9m4-cprj was published for github.com/google/exposure-notifications-server (Go) May 21, 2021
Arbitrary Code Execution in Docker High
CVE-2014-6407 was published for github.com/docker/docker (Go) Feb 15, 2022
A failed upgrade may lead to hung goroutines Low
GHSA-gmq2-39ff-f5qg was published for github.com/cloudflare/tableflip (Go) May 21, 2021
Control character injection in console output in github.com/ipfs/go-ipfs Moderate
CVE-2020-26283 was published for github.com/ipfs/go-ipfs (Go) Jun 23, 2021
tintinweb
Credited to tintinweb
accounts: Hash account number using Salt Low
GHSA-g636-q5fc-4pr7 was published for github.com/moov-io/customers (Go) May 24, 2021
Improper Input Validation in libseccomp-golang High
CVE-2017-18367 was published for github.com/seccomp/libseccomp-golang (Go) May 18, 2021
Listing of upload directory contents possible High
GHSA-qmfx-75ff-8mw6 was published for github.com/ThomasLeister/prosody-filer (Go) May 27, 2021
Improper Access Control in Lightning Network Daemon High
CVE-2019-12999 was published for github.com/lightningnetwork/lnd (Go) May 18, 2021
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Attack on Kubernetes via Misconfigured Argo Workflows Moderate
GHSA-rc7p-gmvh-xfx2 was published for github.com/argoproj/argo-workflows (Go) Aug 2, 2021
On Windows, `git-sizer` might run a `git` executable within the repository being analyzed Moderate
GHSA-57q7-rxqq-7vgp was published for github.com/github/git-sizer (Go) Feb 15, 2022
Access Restriction Bypass in Docker Moderate
CVE-2014-6408 was published for github.com/docker/docker (Go) Feb 15, 2022
Information Exposure in RunC Moderate
CVE-2016-9962 was published for github.com/opencontainers/runc (Go) Dec 20, 2021
Cross-site Scripting in Gogs Moderate
CVE-2014-8683 was published for gogs.io/gogs (Go) Jun 29, 2021
Denial of Service in docker2aci Moderate
CVE-2016-8579 was published for github.com/appc/docker2aci (Go) Feb 15, 2022
Directory Traversal in Docker Moderate
CVE-2014-9358 was published for github.com/docker/docker (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database