GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,963
Erlang: 39
GitHub Actions: 38
Go: 2,614
Maven: 5,000+
npm: 4,254
NuGet: 760
pip: 4,031
Pub: 12
RubyGems: 953
Rust: 1,049
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

            947 advisories

Singularity insecure permissions (High)
CVE-2019-19724 was published for github.com/sylabs/singularity (Go) May 24, 2022

Kubernetes kube-apiserver unauthorized access (High)
CVE-2019-11247 was published for k8s.io/apiextensions-apiserver (Go) May 24, 2022

golang.org/x/net/http vulnerable to a reset flood (High)
CVE-2019-9514 was published for golang.org/x/net (Go) May 24, 2022

golang.org/x/net/http vulnerable to ping floods (High)
CVE-2019-9512 was published for golang.org/x/net (Go) May 24, 2022

Podman Path Traversal Vulnerability leads to arbitrary file read/write (High)
CVE-2019-10152 was published for github.com/containers/podman (Go) May 24, 2022

mastercactapus proxyprotocol vulnerable to denial of service (High)
CVE-2019-14243 was published for github.com/mastercactapus/proxyprotocol (Go) May 24, 2022

b3log Wide unauthenticated file access (High)
CVE-2019-13915 was published for github.com/b3log/wide (Go) May 24, 2022

Secret insertion into debug log in Docker (High)
CVE-2019-13509 was published for github.com/docker/docker (Go) May 24, 2022

Rancher code injection via fluentd config commands (High)
CVE-2019-12303 was published for github.com/rancher/rancher (Go) May 24, 2022

Rancher Privilege Escalation Vulnerability (High)
CVE-2019-12274 was published for github.com/rancher/rancher (Go) May 24, 2022

Hybrid Group Gobot Improper Certificate Validation vulnerability (High)
CVE-2019-12496 was published for github.com/hybridgroup/gobot (Go) May 24, 2022

Containous Traefik Exposes Password Hashes (High)
CVE-2019-12452 was published for github.com/traefik/traefik (Go) May 24, 2022

LXD vulnerable to Race Condition (High)
CVE-2015-1340 was published for github.com/lxc/lxd (Go) May 24, 2022

Kubernetes did not effectively clear service account credentials (High)
CVE-2019-11243 was published for k8s.io/kubernetes (Go) May 24, 2022

Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows (High)
CVE-2022-29164 was published for github.com/argoproj/argo-workflows/v3 (Go) May 23, 2022

Improper path handling in Kustomization files allows for denial of service (High)
CVE-2022-24878 was published for github.com/fluxcd/flux2 (Go) May 20, 2022

Out of bounds memory access in github.com/open-policy-agent/opa (High)
CVE-2022-28946 was published for github.com/open-policy-agent/opa (Go) May 20, 2022

gopkg.in/yaml.v3 Denial of Service (High)
CVE-2022-28948 was published for gopkg.in/yaml.v3 (Go) May 20, 2022

Shell command injection in gitea (High)
CVE-2022-30781 was published for code.gitea.io/gitea (Go) May 17, 2022

Syncthing vulnerable to symlink traversal and arbitrary file overwrite (High)
CVE-2017-1000420 was published for github.com/syncthing/syncthing (Go) May 14, 2022

Docker Notary Signature Algorithm Not Matched to Key vulnerability (High)
CVE-2015-9258 was published for github.com/docker/notary (Go) May 14, 2022

Go Ethereum LES protocol implementation vulnerable to Denial of Service (High)
CVE-2018-12018 was published for github.com/ethereum/go-ethereum (Go) May 14, 2022

Gogs and Gitea SSRF Vulnerability (High)
CVE-2018-15192 was published for code.gitea.io/gitea (Go) May 14, 2022

Sylabs Singularity Improper Input Validation (High)
CVE-2018-19295 was published for github.com/sylabs/singularity (Go) May 14, 2022

        
ProTip! Advisories are also available from the GraphQL API