Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

757 advisories

Loading
Potential inter-blockchain communication (IBC) protocol compromise via "Dragonberry" vulnerability in cheqd High
GHSA-j92c-mmf7-j5x5 was published for github.com/cheqd/cheqd-node (Go) Oct 18, 2022
Prometheus vulnerable to basic authentication bypass High
GHSA-4v48-4q5m-8vx4 was published for github.com/prometheus/prometheus (Go) Dec 5, 2022
chunklhit
lakeFS vulnerable to authenticated users deleting files they are not authorized to delete High
GHSA-28q9-9c3g-v3f9 was published for github.com/treeverse/lakefs (Go) Sep 23, 2022
Caddy-SSH vulnerable to Authorization Bypass due to incorrect usage of PAM library High
GHSA-gmhj-xjfh-cf6m was published for github.com/mohammed90/caddy-ssh (Go) Sep 23, 2022
porcupineyhairs
Arbitrary Code Execution High
CVE-2014-9357 was published for github.com/docker/docker (Go) Feb 15, 2022
Improper Privilege Management in HashiCorp Nomad High
CVE-2021-3283 was published for github.com/hashicorp/nomad (Go) Jun 24, 2021
Arbitrary Code Execution in Docker High
CVE-2014-6407 was published for github.com/docker/docker (Go) Feb 15, 2022
Improper Input Validation in libseccomp-golang High
CVE-2017-18367 was published for github.com/seccomp/libseccomp-golang (Go) May 18, 2021
Listing of upload directory contents possible High
GHSA-qmfx-75ff-8mw6 was published for github.com/ThomasLeister/prosody-filer (Go) May 27, 2021
Improper Access Control in Lightning Network Daemon High
CVE-2019-12999 was published for github.com/lightningnetwork/lnd (Go) May 18, 2021
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
SQL Injection in Gogs High
CVE-2014-8682 was published for gogs.io/gogs (Go) Jun 29, 2021
Denial of Service in Gitea High
CVE-2020-13246 was published for github.com/go-gitea/gitea (Go) Feb 15, 2022
Path traversal in github.com/ipfs/go-ipfs High
CVE-2020-26279 was published for github.com/ipfs/go-ipfs (Go) Jun 23, 2021
tintinweb
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
S3 storage write is not aborted on errors leading to unbounded memory usage High
GHSA-m6m5-pp4g-fcc8 was published for github.com/foxcpp/maddy (Go) Oct 6, 2021
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled High
GHSA-qvp4-rpmr-xwrr was published for github.com/ory/oathkeeper (Go) Jun 23, 2021
flusflas
Lookup function information discolosure in helm High
CVE-2020-11013 was published for helm.sh/helm/v3 (Go) May 27, 2021
Improper Authorization in github.com/containers/libpod High
CVE-2021-20188 was published for github.com/containers/libpod (Go) May 18, 2021
Improper Certificate Validation in HashiCorp Nomad High
CVE-2020-7956 was published for github.com/hashicorp/nomad (Go) May 18, 2021
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints High
GHSA-m7vp-hqwv-7m5x was published for github.com/spiffe/spire (Go) Jan 12, 2022
Daemon panics when processing certain blocks High
GHSA-mcq2-w56r-5w2w was published for github.com/ipld/go-ipfs (Go) Apr 8, 2022
Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM High
GHSA-34vw-m4rh-r36p was published for github.com/talos-systems/talos (Go) Sep 16, 2022
Path traversal in u-root High
CVE-2020-7665 was published for github.com/u-root/u-root (Go) May 18, 2021
rjoleary
Execution Control List (ECL) Is Insecure in Singularity High
CVE-2020-13845 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
tri-adam
ProTip! Advisories are also available from the GraphQL API