Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

37 advisories

Loading
Downloading malicious GitHub Actions workflow artifact results in path traversal vulnerability Moderate
CVE-2024-54132 was published for github.com/cli/cli (Go) Dec 4, 2024
andyfeller jtmcg
williammartin BagToad parablack
Extract has insufficient checks allowing attacker to create symlinks outside the extraction directory. Moderate
CVE-2024-47877 was published for github.com/codeclysm/extract (Go) Oct 11, 2024
buglloc cmaglie
Buildah allows arbitrary directory mount Moderate
CVE-2024-9675 was published for github.com/containers/buildah (Go) Oct 9, 2024
Owncast Path Traversal vulnerability Moderate
CVE-2024-31450 was published for github.com/owncast/owncast (Go) Aug 5, 2024
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
Grafana directory traversal for .cvs files Moderate
CVE-2021-43815 was published for github.com/grafana/grafana (Go) May 14, 2024
Archiver Path Traversal vulnerability Moderate
CVE-2024-0406 was published for github.com/mholt/archiver (Go) Apr 6, 2024
Helm dependency management path traversal Moderate
CVE-2024-25620 was published for helm.sh/helm/v3 (Go) Feb 15, 2024
dominykas
moby Access to remapped root allows privilege escalation to real root Moderate
CVE-2021-21284 was published for github.com/moby/moby (Go) Jan 31, 2024
ajxchapman awprice
nathanburrell raulgomis chris-walz mark-adams dbaxa cpuguy83 neersighted
Path Traversal in Moby builder Moderate
CVE-2020-27534 was published for github.com/docker/docker (Go) Jan 31, 2024
neersighted
Grafana Arbitrary File Read Moderate
CVE-2019-19499 was published for github.com/grafana/grafana (Go) Jan 31, 2024
stereoscope vulnerable to tar path traversal when processing OCI tar archives Moderate
CVE-2024-24579 was published for github.com/anchore/stereoscope (Go) Jan 31, 2024
wagoodman joshbressers
nurmi
Arduino Create Agent path traversal - arbitrary file deletion vulnerability Moderate
CVE-2023-43803 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
Arduino Create Agent path traversal - arbitrary file deletion vulnerability Moderate
CVE-2023-43801 was published for github.com/arduino/arduino-create-agent (Go) Oct 18, 2023
giubby84
Path traversal allows leaking out-of-bound Helm charts from Argo CD repo-server Moderate
CVE-2023-40026 was published for github.com/argoproj/argo-cd (Go) Sep 27, 2023
crenshaw-dev todaywasawesome
Sender can cause a receiver to overwrite files during ZIP extraction in Croc Moderate
CVE-2023-43616 was published for github.com/schollz/croc (Go) Sep 20, 2023
schollz
Terraform allows arbitrary file write during the `init` operation Moderate
CVE-2023-4782 was published for github.com/hashicorp/terraform (Go) Sep 8, 2023
Kubernetes vulnerable to path traversal Moderate
CVE-2022-3162 was published for github.com/kubernetes/kubernetes (Go) Mar 1, 2023
Openshift Enterprise source-to-image vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) Moderate
CVE-2018-1103 was published for github.com/openshift/source-to-image (Go) Feb 6, 2023
Path Traversal in github.com/go-sonic/sonic Moderate
CVE-2022-46959 was published for github.com/go-sonic/sonic (Go) Jan 23, 2023
Velociraptor subject to Path Traversal Moderate
CVE-2023-0290 was published for www.velocidex.com/golang/velociraptor (Go) Jan 19, 2023
tdunlap607
pastebinit Path Traversal vulnerability Moderate
CVE-2018-25059 was published for github.com/jessfraz/pastebinit (Go) Dec 30, 2022
Echo vulnerable to directory traversal Moderate
CVE-2020-36565 was published for github.com/labstack/echo/v4 (Go) Dec 7, 2022
Duplicate Advisory: KubeVirt arbitrary host file read from the VM Moderate
CVE-2022-1798 was published for kubevirt.io/kubevirt (Go) Aug 18, 2022 withdrawn
0xdidu michaelkedar
Helm Path Traversal Moderate
CVE-2019-1000008 was published for helm.sh/helm (Go) May 14, 2022
ProTip! Advisories are also available from the GraphQL API