Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,069 advisories

Loading
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client` Low
GHSA-prqf-xr2j-xf65 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
Import loops in account imports, nats-server DoS Low
GHSA-gwj5-3vfq-q992 was published for github.com/nats-io/nats-server/v2 (Go) May 21, 2021
Directory Traversal in Docker Moderate
CVE-2014-9358 was published for github.com/docker/docker (Go) Feb 15, 2022
Open Redirect Moderate
CVE-2018-15178 was published for gogs.io/gogs (Go) Jun 29, 2021
SQL Injection in Gogs High
CVE-2014-8682 was published for gogs.io/gogs (Go) Jun 29, 2021
Denial of Service in Gitea High
CVE-2020-13246 was published for github.com/go-gitea/gitea (Go) Feb 15, 2022
Path traversal in github.com/ipfs/go-ipfs High
CVE-2020-26279 was published for github.com/ipfs/go-ipfs (Go) Jun 23, 2021
tintinweb
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy Low
CVE-2021-21291 was published for github.com/oauth2-proxy/oauth2-proxy (Go) May 25, 2021
semoac
Denial of service in go-ethereum due to CVE-2020-28362 Critical
GHSA-m6gx-rhvj-fh52 was published for github.com/ethereum/go-ethereum (Go) Jun 29, 2021
Insecure Permissions in Gogs Moderate
CVE-2020-14958 was published for gogs.io/gogs (Go) May 18, 2021
Signature Validation Bypass Critical
GHSA-5684-g483-2249 was published for github.com/russellhaering/gosaml2 (Go) May 24, 2021
jupenur
Insecure Permissions in Gogs Critical
CVE-2019-14544 was published for gogs.io/gogs (Go) May 18, 2021
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
Signature Validation Bypass Critical
GHSA-rrfw-hg9m-j47h was published for github.com/russellhaering/goxmldsig (Go) May 24, 2021
jupenur russellhaering
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
GHSA-jq42-hfch-42f3 was published for github.com/hpcng/singularity (Go) Jun 1, 2021
S3 storage write is not aborted on errors leading to unbounded memory usage High
GHSA-m6m5-pp4g-fcc8 was published for github.com/foxcpp/maddy (Go) Oct 6, 2021
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled High
GHSA-qvp4-rpmr-xwrr was published for github.com/ory/oathkeeper (Go) Jun 23, 2021
flusflas
MD5 hash support in github.com/foxcpp/maddy Low
GHSA-qh54-9vc5-m9fg was published for github.com/foxcpp/maddy (Go) Oct 12, 2021
Lookup function information discolosure in helm High
CVE-2020-11013 was published for helm.sh/helm/v3 (Go) May 27, 2021
devices resource list treated as a blacklist by default Low
GHSA-g54h-m393-cpwq was published for github.com/opencontainers/runc (Go) Dec 20, 2021
cyphar
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements Moderate
CVE-2020-11091 was published for github.com/weaveworks/weave (Go) May 27, 2021
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect Moderate
CVE-2020-5233 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
Argo Server TLS requests could be forged by attacker with network access Moderate
GHSA-6c73-2v8x-qpvm was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
Improper Authorization in github.com/containers/libpod High
CVE-2021-20188 was published for github.com/containers/libpod (Go) May 18, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database