GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
937 advisories
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Moderate | CVE-2021-4024 was published for github.com/containers/podman/v3 (Go) | Jan 6, 2022

Information Exposure in RunC
Moderate | CVE-2016-9962 was published for github.com/opencontainers/runc (Go) | Dec 20, 2021

Signature verification failure in Tendermint
Moderate | GHSA-f3w5-v9xx-rp8p was published for github.com/tendermint/tendermint (Go) | Dec 20, 2021

Denial of Service in TenderMint
Moderate | CVE-2020-15091 was published for github.com/tendermint/tendermint (Go) | Dec 20, 2021

Open redirect vulnerability in Sourcegraph
Moderate | CVE-2020-12283 was published for github.com/sourcegraph/sourcegraph (Go) | Dec 20, 2021

Open Redirect in oauth2_proxy
Moderate | CVE-2017-1000070 was published for github.com/bitly/oauth2_proxy (Go) | Dec 20, 2021

The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect
Moderate | CVE-2020-5233 was published for github.com/oauth2-proxy/oauth2-proxy (Go) | Dec 20, 2021

Open Redirect in OAuth2 Proxy
Moderate | CVE-2020-4037 was published for github.com/oauth2-proxy/oauth2-proxy (Go) | Dec 20, 2021

Denial of Service in OpenShift Origin
Moderate | CVE-2015-5250 was published for github.com/openshift/origin (Go) | Dec 20, 2021

Excessive Platform Resource Consumption within a Loop in Kubernetes
Moderate | CVE-2019-11254 was published for github.com/go-yaml/yaml (Go) | Dec 20, 2021

Observable Discrepancy in Argo
Moderate | CVE-2020-11576 was published for github.com/argoproj/argo-cd (Go) | Dec 9, 2021

Instance config inline secret exposure in Grafana
Moderate | CVE-2021-41090 was published for github.com/grafana/agent (Go) | Dec 8, 2021

Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC
Moderate | CVE-2021-43784 was published for github.com/opencontainers/runc (Go) | Dec 7, 2021

Cross-site Scripting in github.com/schollz/rwtxt
Moderate | CVE-2021-20848 was published for github.com/schollz/rwtxt (Go) | Nov 29, 2021

Denial of Service in Go-Ethereum
Moderate | CVE-2021-43668 was published for github.com/ethereum/go-ethereum (Go) | Nov 23, 2021

Broken encryption in EdgeX Foundry
Moderate | CVE-2021-41278 was published for github.com/edgexfoundry/app-functions-sdk-go (Go) | Nov 19, 2021

Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
Moderate | CVE-2021-3978 was published for github.com/cloudflare/cfrpki (Go) | Nov 19, 2021

OctoRPKI crashes when processing GZIP bomb returned via malicious repository
Moderate | CVE-2021-3912 was published for github.com/cloudflare/cfrpki (Go) | Nov 10, 2021

Infinite certificate chain depth results in OctoRPKI running forever
Moderate | CVE-2021-3908 was published for github.com/cloudflare/cfrpki (Go) | Nov 10, 2021

Infinite open connection causes OctoRPKI to hang forever
Moderate | CVE-2021-3909 was published for github.com/cloudflare/cfrpki (Go) | Nov 10, 2021

Misconfigured IP address field in ROA leads to OctoRPKI crash
Moderate | CVE-2021-3911 was published for github.com/cloudflare/cfrpki (Go) | Nov 10, 2021

Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server
Moderate | CVE-2021-22565 was published for github.com/google/exposure-notifications-verification-server (Go) | Nov 10, 2021

OIDC claims not updated from Identity Provider in Pomerium
Moderate | CVE-2021-41230 was published for github.com/pomerium/pomerium (Go) | Nov 10, 2021

Improper Access Control in github.com/treeverse/lakefs
Moderate | GHSA-m836-gxwq-j2pm was published for github.com/treeverse/lakefs (Go) | Oct 28, 2021

Geth Node Vulnerable to DoS via maliciously crafted p2p message
Moderate | CVE-2021-41173 was published for github.com/ethereum/go-ethereum (Go) | Oct 25, 2021