GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
141 advisories
Filter by severity
Exposure of SSH credentials in Rancher/Fleet
Low
GHSA-wm2r-rp98-8pmh
was published
for
github.com/rancher/rancher
(Go)
Apr 27, 2022
A failed upgrade may lead to hung goroutines
Low
GHSA-gmq2-39ff-f5qg
was published
for
github.com/cloudflare/tableflip
(Go)
May 21, 2021
accounts: Hash account number using Salt
Low
GHSA-g636-q5fc-4pr7
was published
for
github.com/moov-io/customers
(Go)
May 24, 2021
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client`
Low
GHSA-prqf-xr2j-xf65
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Aug 23, 2021
Import loops in account imports, nats-server DoS
Low
GHSA-gwj5-3vfq-q992
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy
Low
CVE-2021-21291
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
May 25, 2021
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
Low
CVE-2020-13788
was published
for
github.com/goharbor/harbor
(Go)
Feb 11, 2022
MD5 hash support in github.com/foxcpp/maddy
Low
GHSA-qh54-9vc5-m9fg
was published
for
github.com/foxcpp/maddy
(Go)
Oct 12, 2021
devices resource list treated as a blacklist by default
Low
GHSA-g54h-m393-cpwq
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Local directory executable lookup in sops (Windows-only)
Low
GHSA-x5c7-x7m2-rhmf
was published
for
go.mozilla.org/sops/v3
(Go)
May 20, 2021
Network policy may be bypassed by some ICMP Echo Requests
Low
GHSA-c66w-hq56-4q97
was published
for
github.com/cilium/cilium
(Go)
May 21, 2021
Clarify `mediaType` handling
Low
GHSA-77vh-xpmg-72qh
was published
for
github.com/opencontainers/image-spec
(Go)
Nov 18, 2021
Cross site scripting via cookies in gogs
Low
GHSA-pj96-4jhv-v792
was published
for
gogs.io/gogs
(Go)
Jun 2, 2022
Cilium host policy bypass in endpoint-routes mode with dual-stack
Low
GHSA-wc5v-r48v-g4vh
was published
for
github.com/cilium/cilium
(Go)
Jul 15, 2022
personnummer/go vulnerable to Improper Input Validation
Low
GHSA-hv53-vf5m-8q94
was published
for
github.com/personnummer/go
(Go)
Feb 11, 2022
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery
Low
GHSA-9gp7-6833-wv89
was published
for
go.etcd.io/etcd/client/v3
(Go)
Oct 6, 2022
etcd vulnerable to TOCTOU of gateway endpoint authentication
Low
GHSA-h8g9-6gvh-5mrc
was published
for
go.etcd.io/etcd/v3
(Go)
Oct 6, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF
Low
CVE-2022-41925
was published
for
tailscale.com/cmd
(Go)
Nov 21, 2022
Traefik may display authorization header in the debug logs
Low
CVE-2022-23469
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
GoBase Race Condition vulnerability
Low
CVE-2022-2583
was published
for
github.com/ntbosscher/gobase
(Go)
Dec 28, 2022
Hashicorp Vault Privilege Escalation Vulnerability
Low
CVE-2021-41802
was published
for
github.com/hashicorp/vault
(Go)
Oct 12, 2021
teler dashboard vulnerable to DOM-based cross-site scripting (XSS)
Low
CVE-2022-23466
was published
for
teler.app
(Go)
Dec 6, 2022
Crash due to malformed relay protocol message
Low
CVE-2021-21404
was published
for
github.com/syncthing/syncthing
(Go)
May 21, 2021
Clarify Content-Type handling
Low
CVE-2021-41190
was published
for
github.com/opencontainers/distribution-spec
(Go)
Nov 18, 2021
Confused Deputy in Kubernetes
Low
CVE-2021-25740
was published
for
k8s.io/kubernetes
(Go)
Sep 21, 2021
ProTip!
Advisories are also available from the
GraphQL API