Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

34 advisories

Loading
Uses of deprecated API can be used to cause DoS in user-facing endpoints High
CVE-2022-31054 was published for github.com/argoproj/argo-events (Go) Jun 17, 2022
DavidKorczynski AdamKorcz
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server Moderate
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz DavidKorczynski
CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server Moderate
CVE-2022-31077 was published for github.com/kubeedge/kubeedge (Go) Jun 25, 2022
DavidKorczynski AdamKorcz
CloudCore UDS Server: Malicious Message can crash CloudCore Moderate
CVE-2022-31076 was published for github.com/kubeedge/kubeedge (Go) Jun 25, 2022
DavidKorczynski AdamKorcz
KubeEdge Cloud AdmissionController component DoS Moderate
CVE-2022-31074 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
Argo CD certificate verification is skipped for connections to OIDC providers High
CVE-2022-31105 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
jannfis crenshaw-dev
DavidKorczynski AdamKorcz
KubeEdge Edge ServiceBus module DoS Moderate
CVE-2022-31073 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
Privilege escalation to cluster admin on multi-tenant environments High
CVE-2021-41254 was published for github.com/fluxcd/kustomize-controller (Go) Nov 15, 2021
AdamKorcz DavidKorczynski
Helm vulnerable to denial of service through string value parsing Moderate
CVE-2022-23524 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
DavidKorczynski AdamKorcz
fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime Moderate
CVE-2023-27483 was published for github.com/crossplane/crossplane-runtime (Go) Mar 13, 2023
phisco AdamKorcz
DavidKorczynski
Argo CD SSO users vulnerable to Cross-site Scripting Low
CVE-2022-31102 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
AdamKorcz DavidKorczynski
tdunlap607
Crossplane-runtime contains Improper Input Validation via Compositions Moderate
CVE-2023-27484 was published for github.com/crossplane/crossplane (Go) Mar 10, 2023
phisco AdamKorcz
DavidKorczynski
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
crenshaw-dev jgwest
AdamKorcz DavidKorczynski
KubeEdge CloudCore Router memory exhaustion vulnerability Moderate
CVE-2022-31078 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
KubeEdge Cloud Stream and Edge Stream DoS from large stream message Moderate
CVE-2022-31079 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
AdamKorcz DavidKorczynski
Node DOS by way of memory exhaustion through ExecSync request in CRI-O High
CVE-2022-1708 was published for github.com/cri-o/cri-o (Go) Jun 6, 2022
DavidKorczynski AdamKorcz
DoS in KubeEdge's Websocket Client in package Viaduct Moderate
CVE-2022-31080 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
KubeEdge DoS when signing the CSR from EdgeCore Moderate
CVE-2022-31075 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
Insecure path traversal in Git Trigger Source can lead to arbitrary file read High
CVE-2022-25856 was published for github.com/argoproj/argo-events (Go) Jun 17, 2022
DavidKorczynski AdamKorcz
Helm vulnerable to denial of service through schema file Moderate
CVE-2022-23526 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
DavidKorczynski AdamKorcz
Helm Vulnerable to denial of service through string value parsing Moderate
CVE-2022-36055 was published for helm.sh/helm/v3 (Go) Aug 30, 2022
DavidKorczynski AdamKorcz
Helm vulnerable to denial of service through through repository index file Moderate
CVE-2022-23525 was published for helm.sh/helm/v3 (Go) Dec 14, 2022
AdamKorcz DavidKorczynski
Denial of service from large image Low
CVE-2023-37900 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
Possible image tampering from missing image validation for Packages High
CVE-2023-38495 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
Rekor's compressed archives can result in OOM conditions High
CVE-2023-30551 was published for github.com/sigstore/rekor (Go) May 3, 2023
AdamKorcz DavidKorczynski
ProTip! Advisories are also available from the GraphQL API