Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

20 advisories

Loading
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel Low
CVE-2023-3299 was published for github.com/hashicorp/nomad (Go) Jul 20, 2023
anonymous4ACL24
malicious container creates symlink "mtab" on the host External High
CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) Jun 4, 2024
eriksjolund
robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison High
CVE-2015-10004 was published for github.com/robbert229/jwt (Go) Dec 28, 2022
wolfictl leaks GitHub tokens to remote non-GitHub git servers Moderate
CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go) May 15, 2024
luhring
IPv6 enabled on IPv4-only network interfaces Moderate
CVE-2024-32473 was published for github.com/docker/docker (Go) Apr 18, 2024
robmry corhere
gabriellavengeo akerouanton
runc vulnerable to container breakout through process.cwd trickery and leaked fds High
CVE-2024-21626 was published for github.com/opencontainers/runc (Go) Jan 31, 2024
rmcnamara-snyk cyphar
lifubang
containerd environment variable leak Moderate
CVE-2021-21334 was published for github.com/containerd/containerd (Go) Jan 31, 2024
Archive package allows chmod of file outside of unpack target directory Moderate
CVE-2021-32760 was published for github.com/containerd/containerd (Go) Jul 26, 2021
tdunlap607
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation High
CVE-2023-28433 was published for github.com/minio/minio (Go) Sep 6, 2023
donatello harshavardhana
RicterZ
Rancher Privilege Escalation Vulnerability High
CVE-2019-12274 was published for github.com/rancher/rancher (Go) May 24, 2022
HashiCorp Nomad vulnerable to non-sensitive metadata exposure Moderate
CVE-2022-3866 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607
Mattermost vulnerable to information disclosure Moderate
CVE-2023-1775 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Mattermost vulnerable to information disclosure Moderate
CVE-2023-1777 was published for github.com/mattermost/mattermost-server (Go) Mar 31, 2023
Cronos vulnerable to DoS through unintended Contract Selfdestruct High
GHSA-gwj5-wp6r-5q9f was published for github.com/crypto-org-chain/cronos (Go) Aug 11, 2022
yihuang tomtau
tdunlap607
Insecure permissions on build temporary rootfs in Singularity High
CVE-2020-25040 was published for github.com/sylabs/singularity (Go) May 24, 2021
dtrudg tri-adam
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity High
CVE-2020-25039 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
xman
Access Control Bypass Moderate
CVE-2018-20321 was published for github.com/rancher/rancher (Go) Jun 23, 2021
Ethermint vulnerable to DoS through unintended Contract Selfdestruct High
CVE-2022-35936 was published for github.com/Kava-Labs/kava (Go) Aug 18, 2022
yihuang tomtau
Improper Control of a Resource Through its Lifetime in Mattermost Moderate
CVE-2022-1385 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database