GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
776 advisories
Improper Privilege Management in Cilium (High)
CVE-2022-29179 was published for github.com/cilium/cilium (Go), May 24, 2022

Elrond-GO processing: fallback search of SCRs when not found in the main cache (High)
CVE-2022-46173 was published for github.com/ElrondNetwork/elrond-go (Go), Dec 30, 2022

Ethermint vulnerable to DoS through unintended Contract Selfdestruct (High)
CVE-2022-35936 was published for github.com/Kava-Labs/kava (Go), Aug 18, 2022

Capsule vulnerable to privilege escalation by ServiceAccount deployed in a Tenant Namespace (High)
CVE-2022-46167 was published for github.com/clastix/capsule (Go), Dec 5, 2022

Keycloak Gatekeeper vulnerable to bypass on using lower case HTTP headers (High)
CVE-2020-14359 was published for github.com/keycloak/keycloak-gatekeeper (Go), Feb 9, 2022

CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure (High)
CVE-2022-2995 was published for github.com/cri-o/cri-o (Go), Sep 20, 2022

HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling (High)
CVE-2022-24685 was published for github.com/hashicorp/nomad (Go), Mar 1, 2022

Velociraptor vulnerable to Missing Authorization (High)
CVE-2023-0242 was published for www.velocidex.com/golang/velociraptor (Go), Jan 18, 2023

ProxyScotch is vulnerable to a server-side Request Forgery (SSRF) (High)
CVE-2022-25850 was published for github.com/hoppscotch/proxyscotch (Go), May 3, 2022

Arbitrary file deletion in gitea (High)
CVE-2022-27313 was published for code.gitea.io/gitea (Go), May 4, 2022

Missing Authorization in HashiCorp Consul (High)
CVE-2022-3920 was published for github.com/hashicorp/consul (Go), Nov 16, 2022

Infinite loop in Yubico yubihsm-connector (High)
CVE-2021-28484 was published for github.com/Yubico/yubihsm-connector (Go), Feb 15, 2022

Link Following in Kata Runtime (High)
CVE-2020-2026 was published for github.com/kata-containers/runtime (Go), Feb 15, 2022

SAML authentication vulnerability due to stdlib XML parsing (High)
CVE-2020-26276 was published for github.com/fleetdm/fleet/v4 (Go), Feb 11, 2022

Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity (High)
CVE-2020-25039 was published for github.com/sylabs/singularity (Go), Dec 20, 2021

Privilege escalation in rbac (High)
CVE-2021-22538 was published for github.com/google/exposure-notifications-verification-server (Go), May 21, 2021

Access control flaw in Kiali (High)
CVE-2021-3495 was published for github.com/kiali/kiali (Go), Jun 8, 2021

Hugo can execute a binary from the current directory on Windows (High)
CVE-2020-26284 was published for github.com/gohugoio/hugo (Go), Jun 23, 2021

Infinite loop in xz (High)
CVE-2020-16845 was published for github.com/ulikunitz/xz (Go), Dec 16, 2021

Improper Resource Shutdown or Release in HashiCorp Vault (High)
CVE-2020-7220 was published for github.com/hashicorp/vault (Go), Jul 28, 2021

Path traversal and files overwrite with unsquashfs in singularity (High)
CVE-2020-15229 was published for github.com/sylabs/singularity (Go), May 24, 2021

Insecure permissions on build temporary rootfs in Singularity (High)
CVE-2020-25040 was published for github.com/sylabs/singularity (Go), May 24, 2021

Incorrect Authorization with specially crafted requests (High)
CVE-2021-39206 was published for github.com/pomerium/pomerium (Go), Sep 10, 2021

Improper use of cryptographic key in wal-g (High)
CVE-2021-38599 was published for github.com/wal-g/wal-g (Go), Sep 2, 2021

Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone (High)
CVE-2020-28924 was published for github.com/rclone/rclone (Go), Jun 10, 2021

ProTip! Advisories are also available from the GraphQL API.