GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
48 advisories
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
Moderate | GHSA-jq42-hfch-42f3 was published for github.com/hpcng/singularity (Go) | Jun 1, 2021

Improper input validation in umoci
Moderate | CVE-2021-29136 was published for github.com/opencontainers/umoci (Go) | Feb 15, 2022

Login screen allows message spoofing if SSO is enabled
Moderate | CVE-2022-24905 was published for github.com/argoproj/argo-cd (Go) | May 24, 2022

Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Moderate | CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) | Jun 21, 2022

Redirect URL matching ignores character casing
Moderate | CVE-2020-15234 was published for github.com/ory/fosite (Go) | May 24, 2021

Improper input validation in CNCF Cortex
Moderate | CVE-2021-31232 was published for github.com/cortexproject/cortex (Go) | Jun 23, 2021

Workflow re-write vulnerability using input parameter
Moderate | CVE-2021-37914 was published for github.com/argoproj/argo-workflows/v3 (Go) | Aug 9, 2021

OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses
Moderate | CVE-2020-15233 was published for github.com/ory/fosite (Go) | May 24, 2021

Email relay in Apache Traffic Control
Moderate | CVE-2021-42009 was published for github.com/apache/trafficcontrol (Go) | Oct 13, 2021

Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
Moderate | CVE-2021-32635 was published for github.com/sylabs/singularity (Go) | Jun 1, 2021

Command injection in gh-ost
Moderate | CVE-2022-21687 was published for github.com/github/gh-ost (Go) | Feb 1, 2022

Denial of Service in OpenShift Origin
Moderate | CVE-2015-5250 was published for github.com/openshift/origin (Go) | Dec 20, 2021

Misconfigured IP address field in ROA leads to OctoRPKI crash
Moderate | CVE-2021-3911 was published for github.com/cloudflare/cfrpki (Go) | Nov 10, 2021

etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic
Moderate | CVE-2020-15112 was published for go.etcd.io/etcd/v3 (Go) | Oct 6, 2022

Improper Input Validation in Docker Engine
Moderate | CVE-2020-13401 was published for github.com/docker/docker-ce (Go) | Feb 15, 2022

fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
Moderate | CVE-2023-27483 was published for github.com/crossplane/crossplane-runtime (Go) | Mar 13, 2023

Crossplane-runtime contains Improper Input Validation via Compositions
Moderate | CVE-2023-27484 was published for github.com/crossplane/crossplane (Go) | Mar 10, 2023

Kubernetes arbitrary file overwrite
Moderate | CVE-2018-1002100 was published for k8s.io/kubernetes (Go) | May 13, 2022

Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access
Moderate | CVE-2019-11255 was published for github.com/kubernetes-csi/external-provisioner (Go) | May 24, 2022

Geth Node Vulnerable to DoS via maliciously crafted p2p message
Moderate | CVE-2021-41173 was published for github.com/ethereum/go-ethereum (Go) | Oct 25, 2021

Go-Attestation Improper Input Validation with attacker-controlled TPM Quote
Moderate | CVE-2022-0317 was published for github.com/google/go-attestation (Go) | Feb 1, 2022

go-ipld-prime/codec/json may panic if asked to encode bytes
Moderate | CVE-2023-22460 was published for github.com/ipld/go-ipld-prime (Go) | Jan 5, 2023

Directory traversal in Kubernetes Secrets Store CSI Driver
Moderate | CVE-2020-8568 was published for sigs.k8s.io/secrets-store-csi-driver (Go) | Feb 15, 2022

Improper Input Validation in HashiCorp Consul
Moderate | CVE-2020-13170 was published for github.com/hashicorp/consul (Go) | May 18, 2021