GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
146 advisories
Kubernetes in OpenShift3 Access Control Misconfiguration
Low | CVE-2015-7561 was published for k8s.io/kubernetes (Go) | May 13, 2022
eventing-github vulnerable to denial of service caused by improper enforcement of the timeout on individual read operations
Low | GHSA-v7hc-87jc-qrrr was published for knative.dev/eventing-github (Go) | Dec 6, 2023
Mattermost Injection vulnerability
Low | CVE-2023-35075 was published for github.com/mattermost/mattermost-server/v6 (Go) | Nov 27, 2023
HashiCorp Vagrant Insecure Operation on Windows Junction / Mount Point vulnerability
Low | CVE-2023-5834 was published for github.com/hashicorp/vagrant (Go) | Oct 28, 2023
gnark's range checker gadget allows wider inputs up to word alignment
Low | GHSA-rjjm-x32p-m3f7 was published for github.com/consensys/gnark (Go) | Nov 12, 2023
SpiceDB's LookupResources may return partial results
Low | CVE-2023-35930 was published for github.com/authzed/spicedb (Go) | Jun 28, 2023
etcd Key name can be accessed via LeaseTimeToLive API
Low | CVE-2023-32082 was published for github.com/etcd-io/etcd (Go) | May 12, 2023
Answer Missing Authorization vulnerability
Low | CVE-2023-2590 was published for github.com/answerdev/answer (Go) | May 9, 2023
slsa-verifier vulnerable to improper validation of npm's publish attestations
Low | GHSA-r2xv-vpr2-42m9 was published for github.com/slsa-framework/slsa-verifier (Go) | Nov 8, 2023
Mattermost fails to correctly delete attachments
Low | CVE-2023-4105 was published for github.com/mattermost/mattermost-server/v6 (Go) | Aug 11, 2023
Specific Cilium configurations vulnerable to DoS via Kubernetes annotations
Low | CVE-2023-41332 was published for github.com/cilium/cilium (Go) | Sep 27, 2023
Flyte Admin SQL Injection in List Filters
Low | CVE-2023-41891 was published for github.com/flyteorg/flyteadmin (Go) | Oct 27, 2023
Pipelines do not validate child UIDs
Low | CVE-2023-37264 was published for github.com/tektoncd/pipeline (Go) | Jul 7, 2023
gnark-crypto's exponentiation in the pairing target group GT using GLV can give incorrect results
Low | GHSA-pffg-92cg-xf5c was published for github.com/consensys/gnark-crypto (Go) | Oct 5, 2023
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling
Low | CVE-2023-34242 was published for github.com/cilium/cilium (Go) | Jun 16, 2023
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki
Low | GHSA-8459-6rc9-8vf8 was published for github.com/cloudflare/cfrpki (Go) | Feb 14, 2022
Denial of service from large image
Low | CVE-2023-37900 was published for github.com/crossplane/crossplane (Go) | Jul 28, 2023
Mattermost Incorrect Authorization vulnerability
Low | CVE-2023-5193 was published for github.com/mattermost/mattermost-server/v6 (Go) | Sep 29, 2023
Mattermost Incorrect Authorization vulnerability
Low | CVE-2023-5159 was published for github.com/mattermost/mattermost-server/v6 (Go) | Sep 29, 2023
Artifact Hub allows unsafe rego built-in
Low | CVE-2023-45822 was published for github.com/artifacthub/hub (Go) | Oct 19, 2023
Temporal Server vulnerable to Incorrect Authorization and Insecure Default Initialization of Resource
Low | CVE-2023-3485 was published for go.temporal.io/server (Go) | Jun 30, 2023
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints
Low | CVE-2023-30844 was published for github.com/mutagen-io/mutagen (Go) | May 5, 2023
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Low | CVE-2023-32684 was published for github.com/lima-vm/lima (Go) | May 31, 2023
kubectl ANSI escape characters not filtered
Low | CVE-2021-25743 was published for k8s.io/kubernetes (Go) | Jan 8, 2022
plugin.yaml file allows for duplicate entries in helm
Low | CVE-2020-15187 was published for helm.sh/helm (Go) | May 24, 2021
ProTip! Advisories are also available from the GraphQL API.