GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
141 advisories
Filter by severity
etcd vulnerable to TOCTOU of gateway endpoint authentication
Low
GHSA-h8g9-6gvh-5mrc
was published
for
go.etcd.io/etcd/v3
(Go)
Oct 6, 2022
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata
Low
GHSA-3633-5h82-39pq
was published
for
github.com/theupdateframework/go-tuf
(Go)
Sep 16, 2022
Cilium host policy bypass in endpoint-routes mode with dual-stack
Low
GHSA-wc5v-r48v-g4vh
was published
for
github.com/cilium/cilium
(Go)
Jul 15, 2022
Argo CD SSO users vulnerable to Cross-site Scripting
Low
CVE-2022-31102
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 12, 2022
Cross site scripting via cookies in gogs
Low
GHSA-pj96-4jhv-v792
was published
for
gogs.io/gogs
(Go)
Jun 2, 2022
Kubernetes Secrets Store CSI Driver plugins arbitrary file write
Low
CVE-2020-8567
was published
for
github.com/Azure/secrets-store-csi-driver-provider-azure
(Go)
May 24, 2022
Caddy allows enumeration of Certificates and Hostnames
Low
CVE-2018-19148
was published
for
github.com/caddyserver/caddy
(Go)
May 14, 2022
Kubernetes in OpenShift3 Access Control Misconfiguration
Low
CVE-2015-7561
was published
for
k8s.io/kubernetes
(Go)
May 13, 2022
Exposure of SSH credentials in Rancher/Fleet
Low
GHSA-wm2r-rp98-8pmh
was published
for
github.com/rancher/rancher
(Go)
Apr 27, 2022
Improper Certificate Validation in Cosign
Low
CVE-2022-23649
was published
for
github.com/sigstore/cosign
(Go)
Feb 22, 2022
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki
Low
GHSA-8459-6rc9-8vf8
was published
for
github.com/cloudflare/cfrpki
(Go)
Feb 14, 2022
gobase subject to Incorrect routing of some HTTP requests when using httpauth due to a race condition
Low
GHSA-h2x7-2ff6-v32p
was published
for
github.com/ntbosscher/gobase
(Go)
Feb 11, 2022
personnummer/go vulnerable to Improper Input Validation
Low
GHSA-hv53-vf5m-8q94
was published
for
github.com/personnummer/go
(Go)
Feb 11, 2022
In-band key negotiation issue in AWS S3 Crypto SDK for golang
Low
CVE-2020-8912
was published
for
github.com/aws/aws-sdk-go
(Go)
Feb 11, 2022
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788)
Low
CVE-2020-13788
was published
for
github.com/goharbor/harbor
(Go)
Feb 11, 2022
OCI Manifest Type Confusion Issue
Low
GHSA-qq97-vm5h-rrhg
was published
for
github.com/docker/distribution
(Go)
Feb 8, 2022
Potential proxy IP restriction bypass in Kubernetes
Low
CVE-2020-8562
was published
for
k8s.io/kubernetes
(Go)
Feb 2, 2022
kubectl ANSI escape characters not filtered
Low
CVE-2021-25743
was published
for
k8s.io/kubernetes
(Go)
Jan 8, 2022
devices resource list treated as a blacklist by default
Low
GHSA-g54h-m393-cpwq
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Clarify Content-Type handling
Low
CVE-2021-41190
was published
for
github.com/opencontainers/distribution-spec
(Go)
Nov 18, 2021
Ambiguous OCI manifest parsing
Low
GHSA-5j5w-g665-5m35
was published
for
github.com/containerd/containerd
(Go)
Nov 18, 2021
Clarify `mediaType` handling
Low
GHSA-77vh-xpmg-72qh
was published
for
github.com/opencontainers/image-spec
(Go)
Nov 18, 2021
Hashicorp Vault Privilege Escalation Vulnerability
Low
CVE-2021-41802
was published
for
github.com/hashicorp/vault
(Go)
Oct 12, 2021
MD5 hash support in github.com/foxcpp/maddy
Low
GHSA-qh54-9vc5-m9fg
was published
for
github.com/foxcpp/maddy
(Go)
Oct 12, 2021
Confused Deputy in Kubernetes
Low
CVE-2021-25740
was published
for
k8s.io/kubernetes
(Go)
Sep 21, 2021
ProTip!
Advisories are also available from the
GraphQL API