Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

51 advisories

Loading
OpenShift Must Gather Operator Improper Input Validation vulnerability High
CVE-2024-25131 was published for github.com/openshift/must-gather (Go) Dec 19, 2024
Kubernetes Nil pointer dereference in KCM after v1 HPA patch request High
CVE-2024-0793 was published for k8s.io/kubernetes (Go) Nov 17, 2024
Lightning Network Daemon (LND)'s onion processing logic leads to a denial of service High
CVE-2024-38359 was published for github.com/lightningnetwork/lnd (Go) Jun 20, 2024
morehouse
Grafana Email addresses and usernames can not be trusted High
CVE-2022-39306 was published for github.com/grafana/grafana (Go) May 14, 2024
Heketi Arbitrary Code Execution High
CVE-2017-15103 was published for github.com/heketi/heketi (Go) Apr 24, 2024
Improper HTML sanitization in ZITADEL High
CVE-2024-28855 was published for github.com/zitadel/zitadel (Go) Mar 18, 2024
ASA-2024-006: ValidateVoteExtensions helper function in Cosmos SDK may allow incorrect voting power assumptions High
GHSA-95rx-m9m5-m94v was published for github.com/cosmos/cosmos-sdk (Go) Mar 12, 2024
Coder's OIDC authentication allows email with partially matching domain to register High
CVE-2024-27918 was published for github.com/coder/coder (Go) Mar 4, 2024
arcz maxammann
Maliciously crafted Git server replies can cause DoS on go-git clients High
CVE-2023-49568 was published for github.com/go-git/go-git/v5 (Go) Dec 27, 2023
bdilalu
Kubernetes Improper Input Validation vulnerability High
CVE-2023-5528 was published for k8s.io/kubernetes (Go) Nov 14, 2023
Kubernetes csi-proxy vulnerable to privilege escalation due to improper input validation High
CVE-2023-3893 was published for github.com/kubernetes-csi/csi-proxy (Go) Nov 3, 2023
Kubernetes privilege escalation vulnerability High
CVE-2023-3955 was published for k8s.io/kubernetes (Go) Oct 31, 2023
Kubernetes privilege escalation vulnerability High
CVE-2023-3676 was published for k8s.io/kubernetes (Go) Oct 31, 2023
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation High
CVE-2023-5044 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
joshbressers
Ingress nginx annotation injection causes arbitrary command execution High
CVE-2023-5043 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
Ingress-nginx path sanitization can be bypassed High
CVE-2022-4886 was published for k8s.io/ingress-nginx (Go) Oct 25, 2023
usememos/memos vulnerable to improper input validation High
CVE-2023-4698 was published for github.com/usememos/memos (Go) Sep 1, 2023
Woodpecker does not validate webhook before changing any data High
CVE-2023-40034 was published for github.com/woodpecker-ci/woodpecker (Go) Aug 16, 2023
anbraten 6543
Possible image tampering from missing image validation for Packages High
CVE-2023-38495 was published for github.com/crossplane/crossplane (Go) Jul 28, 2023
AdamKorcz DavidKorczynski
phisco
mx-chain-go does not treat invalid transaction with wrong username correctly High
CVE-2023-33964 was published for github.com/multiversx/mx-chain-go (Go) Jun 2, 2023
Kubernetes vulnerable to validation bypass High
CVE-2022-3294 was published for github.com/kubernetes/kubernetes (Go) Mar 1, 2023
aruneko kurt-r2c
Kubernetes apimachinery packages vulnerable to unbounded recursion in JSON or YAML parsing High
GHSA-74fp-r6jw-h4mp was published for k8s.io/apimachinery (Go) Feb 8, 2023
nosurf vulnerable to improper input validation High
CVE-2020-36564 was published for github.com/justinas/nosurf (Go) Dec 28, 2022
Witness Block Parsing DoS Vulnerability High
CVE-2022-39389 was published for github.com/lightningnetwork/lnd (Go) Nov 18, 2022
Remote denial of service in Hyperledger Fabric Gateway High
CVE-2022-36023 was published for github.com/hyperledger/fabric (Go) Oct 13, 2022
fatal0
ProTip! Advisories are also available from the GraphQL API