GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
33 advisories
Filter by severity
Insecure permissions on build temporary rootfs in Singularity
High
CVE-2020-25040
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2021
Permissions bypass in KubeVirt
Moderate
CVE-2020-1701
was published
for
kubevirt.io/kubevirt
(Go)
Jun 1, 2021
Cache Manipulation Attack in Apache Traffic Control
Moderate
CVE-2020-17522
was published
for
github.com/apache/trafficcontrol
(Go)
Jun 18, 2021
Incorrect Permission Assignment for Critical Resource in Hashicorp Consul
Moderate
CVE-2020-12797
was published
for
github.com/hashicorp/consul
(Go)
Jun 23, 2021
Archive package allows chmod of file outside of unpack target directory
Moderate
CVE-2021-32760
was published
for
github.com/containerd/containerd
(Go)
Jul 26, 2021
Beego has a file creation race condition
Moderate
CVE-2019-16354
was published
for
github.com/astaxie/beego
(Go)
Aug 2, 2021
Hashicorp Vault Privilege Escalation Vulnerability
Low
CVE-2021-41802
was published
for
github.com/hashicorp/vault
(Go)
Oct 12, 2021
HashiCorp Vault Incorrect Permission Assignment for Critical Resource
Critical
CVE-2021-43998
was published
for
github.com/hashicorp/vault
(Go)
Dec 2, 2021
Incorrect Permission Assignment for Critical Resource in Singularity
High
CVE-2019-11328
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
High
CVE-2020-25039
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Incorrect Permission Assignment for Critical Resource in CRI-O
Moderate
CVE-2022-0532
was published
for
github.com/cri-o/cri-o
(Go)
Feb 11, 2022
Kubernetes Unsafe Cacheing
Moderate
CVE-2019-11244
was published
for
k8s.io/client-go
(Go)
Feb 15, 2022
Podman Elevated Container Privileges
High
CVE-2018-10856
was published
for
github.com/containers/podman
(Go)
May 13, 2022
Grafana world readable configuration files
High
CVE-2020-12459
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Grafana information disclosure
High
CVE-2020-12458
was published
for
github.com/grafana/grafana
(Go)
May 24, 2022
Withdrawn Advisory: kubernetes-nmstate Insecure Privilege Management
High
CVE-2020-1742
was published
for
github.com/nmstate/kubernetes-nmstate
(Go)
May 24, 2022
•
withdrawn
Gitea allowed assignment of private issues
Moderate
CVE-2022-38183
was published
for
code.gitea.io/gitea
(Go)
Aug 13, 2022
Talos worker join token can be used to get elevated access level to the Talos API
High
CVE-2022-36103
was published
for
github.com/talos-systems/talos
(Go)
Sep 16, 2022
CRI-O incorrect handling of supplementary groups may lead to sensitive information disclosure
High
CVE-2022-2995
was published
for
github.com/cri-o/cri-o
(Go)
Sep 20, 2022
Brokercap Bifrost subject to authentication bypass when using HTTP basic authentication
High
CVE-2022-39219
was published
for
github.com/brokercap/Bifrost
(Go)
Sep 27, 2022
Bytebase does not restrict low privilege user to access admin issues
Moderate
CVE-2022-32169
was published
for
github.com/bytebase/bytebase
(Go)
Sep 29, 2022
CubeFS allows Kubernetes cluster-level privilege escalation
Moderate
CVE-2023-30512
was published
for
github.com/cubefs/cubefs
(Go)
Apr 12, 2023
Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability
High
CVE-2023-5077
was published
for
github.com/hashicorp/vault
(Go)
Sep 29, 2023
Privilege Escalation in HashiCorp Consul
Moderate
CVE-2020-28053
was published
for
github.com/hashicorp/consul
(Go)
Jan 31, 2024
Moby (Docker Engine) Insufficiently restricted permissions on data directory
Moderate
CVE-2021-41091
was published
for
github.com/docker/docker
(Go)
Jan 31, 2024
ProTip!
Advisories are also available from the
GraphQL API