GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
48 advisories
Filter by severity
Improper Input Validation in HashiCorp Consul
Moderate
CVE-2020-13170
was published
for
github.com/hashicorp/consul
(Go)
May 18, 2021
Redirect URL matching ignores character casing
Moderate
CVE-2020-15234
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses
Moderate
CVE-2020-15233
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
Moderate
GHSA-jq42-hfch-42f3
was published
for
github.com/hpcng/singularity
(Go)
Jun 1, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
Moderate
CVE-2021-32635
was published
for
github.com/sylabs/singularity
(Go)
Jun 1, 2021
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
Moderate
CVE-2021-20329
was published
for
go.mongodb.org/mongo-driver
(Go)
Jun 15, 2021
Improper input validation in CNCF Cortex
Moderate
CVE-2021-31232
was published
for
github.com/cortexproject/cortex
(Go)
Jun 23, 2021
Workflow re-write vulnerability using input parameter
Moderate
CVE-2021-37914
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Aug 9, 2021
Email relay in Apache Traffic Control
Moderate
CVE-2021-42009
was published
for
github.com/apache/trafficcontrol
(Go)
Oct 13, 2021
Geth Node Vulnerable to DoS via maliciously crafted p2p message
Moderate
CVE-2021-41173
was published
for
github.com/ethereum/go-ethereum
(Go)
Oct 25, 2021
Misconfigured IP address field in ROA leads to OctoRPKI crash
Moderate
CVE-2021-3911
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Denial of Service in OpenShift Origin
Moderate
CVE-2015-5250
was published
for
github.com/openshift/origin
(Go)
Dec 20, 2021
Go-Attestation Improper Input Validation with attacker-controlled TPM Quote
Moderate
CVE-2022-0317
was published
for
github.com/google/go-attestation
(Go)
Feb 1, 2022
Command injection in gh-ost
Moderate
CVE-2022-21687
was published
for
github.com/github/gh-ost
(Go)
Feb 1, 2022
Improper input validation in umoci
Moderate
CVE-2021-29136
was published
for
github.com/opencontainers/umoci
(Go)
Feb 15, 2022
Directory traversal in Kubernetes Secrets Store CSI Driver
Moderate
CVE-2020-8568
was published
for
sigs.k8s.io/secrets-store-csi-driver
(Go)
Feb 15, 2022
Improper Input Validation in Docker Engine
Moderate
CVE-2020-13401
was published
for
github.com/docker/docker-ce
(Go)
Feb 15, 2022
Kubernetes arbitrary file overwrite
Moderate
CVE-2018-1002100
was published
for
k8s.io/kubernetes
(Go)
May 13, 2022
Login screen allows message spoofing if SSO is enabled
Moderate
CVE-2022-24905
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access
Moderate
CVE-2019-11255
was published
for
github.com/kubernetes-csi/external-provisioner
(Go)
May 24, 2022
Kubernetes ingress exposes sensitive information
Moderate
CVE-2018-1002104
was published
for
k8s.io/ingress-nginx
(Go)
May 24, 2022
Calico vulnerable to pod route hijacking
Moderate
CVE-2022-28224
was published
for
github.com/projectcalico/calico
(Go)
Jun 7, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Moderate
CVE-2022-31036
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
etcd's WAL `ReadAll` method vulnerable to an entry with large index causing panic
Moderate
CVE-2020-15112
was published
for
go.etcd.io/etcd/v3
(Go)
Oct 6, 2022
ProTip!
Advisories are also available from the
GraphQL API