Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

34 advisories

Loading
OCI image importer memory exhaustion in github.com/containerd/containerd Moderate
CVE-2023-25153 was published for github.com/containerd/containerd (Go) Feb 16, 2023
AdamKorcz DavidKorczynski
Argo CD's external URLs for Deployments can include JavaScript Critical
CVE-2022-31035 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
DavidKorczynski AdamKorcz
Minder affected by denial of service from maliciously configured Git repository Moderate
CVE-2024-37904 was published for github.com/stacklok/minder (Go) Jun 18, 2024
AdamKorcz DavidKorczynski
Denial of service of Minder Server from maliciously crafted GitHub attestations Moderate
CVE-2024-35238 was published for github.com/stacklok/minder (Go) May 28, 2024
AdamKorcz DavidKorczynski
Stacklok Minder vulnerable to denial of service from maliciously crafted templates Moderate
CVE-2024-35194 was published for github.com/stacklok/minder (Go) May 20, 2024
AdamKorcz DavidKorczynski
Denial of service of Minder Server with attacker-controlled REST endpoint Moderate
CVE-2024-35185 was published for github.com/stacklok/minder (Go) May 16, 2024
AdamKorcz DavidKorczynski
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests High
CVE-2024-34084 was published for github.com/stacklok/minder (Go) May 7, 2024
AdamKorcz DavidKorczynski
Cosign malicious artifacts can cause machine-wide DoS Moderate
CVE-2024-29903 was published for github.com/sigstore/cosign (Go) Apr 11, 2024
AdamKorcz DavidKorczynski
containerd CRI plugin: Host memory exhaustion through ExecSync Moderate
CVE-2022-31030 was published for github.com/containerd/containerd (Go) Jun 6, 2022
DavidKorczynski AdamKorcz
Rekor's compressed archives can result in OOM conditions High
CVE-2023-30551 was published for github.com/sigstore/rekor (Go) May 3, 2023
AdamKorcz DavidKorczynski
Possible image tampering from missing image validation for Packages High
CVE-2023-38495 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
Denial of service from large image Low
CVE-2023-37900 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
Helm vulnerable to denial of service through through repository index file Moderate
CVE-2022-23525 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
AdamKorcz DavidKorczynski
Helm Vulnerable to denial of service through string value parsing Moderate
CVE-2022-36055 was published for helm.sh/helm/v3 (Go) Aug 30, 2022
DavidKorczynski AdamKorcz
Helm vulnerable to denial of service through schema file Moderate
CVE-2022-23526 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
DavidKorczynski AdamKorcz
Insecure path traversal in Git Trigger Source can lead to arbitrary file read High
CVE-2022-25856 was published for github.com/argoproj/argo-events (Go) Jun 17, 2022
DavidKorczynski AdamKorcz
KubeEdge DoS when signing the CSR from EdgeCore Moderate
CVE-2022-31075 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
DoS in KubeEdge's Websocket Client in package Viaduct Moderate
CVE-2022-31080 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
Node DOS by way of memory exhaustion through ExecSync request in CRI-O High
CVE-2022-1708 was published for github.com/cri-o/cri-o (Go) Jun 6, 2022
DavidKorczynski AdamKorcz
KubeEdge Cloud Stream and Edge Stream DoS from large stream message Moderate
CVE-2022-31079 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
AdamKorcz DavidKorczynski
KubeEdge CloudCore Router memory exhaustion vulnerability Moderate
CVE-2022-31078 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
crenshaw-dev jgwest
AdamKorcz DavidKorczynski
Crossplane-runtime contains Improper Input Validation via Compositions Moderate
CVE-2023-27484 was published for github.com/crossplane/crossplane (Go) Mar 10, 2023
phisco AdamKorcz
DavidKorczynski
Argo CD SSO users vulnerable to Cross-site Scripting Low
CVE-2022-31102 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
AdamKorcz DavidKorczynski
tdunlap607
fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime Moderate
CVE-2023-27483 was published for github.com/crossplane/crossplane-runtime (Go) Mar 13, 2023
phisco AdamKorcz
DavidKorczynski
ProTip! Advisories are also available from the GraphQL API