Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

882 advisories

Loading
SFTPGo has insufficient access control for password reset Moderate
CVE-2024-37897 was published for github.com/drakkan/sftpgo/v2 (Go) Jun 20, 2024
t7tran
PocketBase performs password auth and OAuth2 unverified email linking Moderate
CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) Jun 18, 2024
dalurness
Minder affected by denial of service from maliciously configured Git repository Moderate
CVE-2024-37904 was published for github.com/stacklok/minder (Go) Jun 18, 2024
AdamKorcz DavidKorczynski
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec Moderate
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Rancher's External RoleTemplates can lead to privilege escalation Moderate
CVE-2023-32196 was published for github.com/rancher/rancher (Go) Jun 17, 2024
gqlparser denial of service vulnerability via the parserDirectives function Moderate
CVE-2023-49559 was published for github.com/vektah/gqlparser (Go) Jun 12, 2024
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses Moderate
GHSA-7jmw-8259-q9jx was published for github.com/traefik/traefik (Go) Jun 11, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing Moderate
GHSA-xmmx-7jpf-fx42 was published for github.com/docker/docker (Go) Jun 10, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
Evmos allows unvested token delegations Moderate
CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Argo-cd authenticated users can enumerate clusters by name Moderate
CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) Jun 6, 2024
crenshaw-dev pasha-codefresh
Open Redirect URL in Harbor Moderate
CVE-2024-22244 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
Ollama does not validate the format of the digest (sha256 with 64 hex digits) Moderate
CVE-2024-37032 was published for github.com/ollama/ollama (Go) May 31, 2024
lukas-braune
MinIO information disclosure vulnerability Moderate
CVE-2024-36107 was published for github.com/minio/minio (Go) May 29, 2024
stefansundin shtripat
Denial of service of Minder Server from maliciously crafted GitHub attestations Moderate
CVE-2024-35238 was published for github.com/stacklok/minder (Go) May 28, 2024
AdamKorcz DavidKorczynski
Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop Moderate
GHSA-f7cq-5v43-8pwp was published for github.com/traefik/traefik (Go) May 23, 2024
Dapr API Token Exposure Moderate
CVE-2024-35223 was published for github.com/dapr/dapr (Go) May 22, 2024
elena-kolevska yaron2
artursouza
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability Moderate
GHSA-qjcv-rx3v-7mvj was published for github.com/cosmos/ibc-go (Go) May 20, 2024
Stacklok Minder vulnerable to denial of service from maliciously crafted templates Moderate
CVE-2024-35194 was published for github.com/stacklok/minder (Go) May 20, 2024
AdamKorcz DavidKorczynski
Trivy possibly leaks registry credential when scanning images from malicious registries Moderate
CVE-2024-35192 was published for github.com/aquasecurity/trivy (Go) May 20, 2024
lyoung-confluent
Submariner Operator sets unnecessary RBAC permissions in helm charts Moderate
CVE-2024-5042 was published for github.com/submariner-io/submariner-operator (Go) May 17, 2024
Denial of service of Minder Server with attacker-controlled REST endpoint Moderate
CVE-2024-35185 was published for github.com/stacklok/minder (Go) May 16, 2024
AdamKorcz DavidKorczynski
wolfictl leaks GitHub tokens to remote non-GitHub git servers Moderate
CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go) May 15, 2024
luhring
ProTip! Advisories are also available from the GraphQL API