Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
40
GitHub Actions
38
Go
2,756
Maven
5,000+
npm
4,360
NuGet
765
pip
4,128
Pub
12
RubyGems
961
Rust
1,070
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,756 advisories

Loading
EnvoyProxy Envoy Missing HTTP URL path normalization Critical
CVE-2019-9901 was published for github.com/envoyproxy/envoy (Go) May 24, 2022
LXD vulnerable to Race Condition High
CVE-2015-1340 was published for github.com/lxc/lxd (Go) May 24, 2022
Kubernetes did not effectively clear service account credentials High
CVE-2019-11243 was published for k8s.io/kubernetes (Go) May 24, 2022
awsactran
Credited to awsactran
Login screen allows message spoofing if SSO is enabled Moderate
CVE-2022-24905 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server Moderate
CVE-2022-24904 was published for github.com/argoproj/argo-cd/v2 (Go) May 23, 2022
crenshaw-dev tdunlap607
Credited to crenshaw-dev and tdunlap607
Malicious HTML+XHR Artifact Privilege Escalation in Argo Workflows High
CVE-2022-29164 was published for github.com/argoproj/argo-workflows/v3 (Go) May 23, 2022
alexec
Credited to alexec
Access control bypass in beego Critical
CVE-2022-31259 was published for github.com/beego/beego (Go) May 22, 2022
Improper path handling in Kustomization files allows for denial of service High
CVE-2022-24878 was published for github.com/fluxcd/flux2 (Go) May 20, 2022
hiddeco
Credited to hiddeco
Out of bounds memory access in github.com/open-policy-agent/opa High
CVE-2022-28946 was published for github.com/open-policy-agent/opa (Go) May 20, 2022
gopkg.in/yaml.v3 Denial of Service High
CVE-2022-28948 was published for gopkg.in/yaml.v3 (Go) May 20, 2022
fourdim thediveo
n-bes
Credited to fourdim, thediveo, and n-bes
Duplicate advisory: Configuration exposure in github.com/coreos/ignition Moderate
GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go) May 18, 2022 withdrawn
HashiCorp Vault improper configuration of multi factor authentication Moderate
CVE-2022-30689 was published for github.com/hashicorp/vault (Go) May 18, 2022
tar-split memory exhaustion Moderate
CVE-2017-14992 was published for github.com/vbatts/tar-split (Go) May 17, 2022
Shell command injection in gitea High
CVE-2022-30781 was published for code.gitea.io/gitea (Go) May 17, 2022
Improper kubeconfig validation allows arbitrary code execution Critical
CVE-2022-24817 was published for github.com/fluxcd/flux2 (Go) May 16, 2022
pjbgf
Credited to pjbgf
Syncthing vulnerable to symlink traversal and arbitrary file overwrite High
CVE-2017-1000420 was published for github.com/syncthing/syncthing (Go) May 14, 2022
HashiCorp Terraform Amazon Web Services (AWS) uses an insecure PRNG Critical
CVE-2018-9057 was published for github.com/hashicorp/terraform-provider-aws (Go) May 14, 2022
iann0036
Credited to iann0036
Docker Notary Signature Algorithm Not Matched to Key vulnerability High
CVE-2015-9258 was published for github.com/docker/notary (Go) May 14, 2022
Go Ethereum LES protocol implementation vulnerable to Denial of Service High
CVE-2018-12018 was published for github.com/ethereum/go-ethereum (Go) May 14, 2022
Gogs and Gitea SSRF Vulnerability High
CVE-2018-15192 was published for code.gitea.io/gitea (Go) May 14, 2022
Gogs XSS Vulnerability Moderate
CVE-2018-17031 was published for gogs.io/gogs (Go) May 14, 2022
Grafana XSS Vulnerability Moderate
CVE-2018-1000816 was published for github.com/grafana/grafana (Go) May 14, 2022
Sylabs Singularity Improper Input Validation High
CVE-2018-19295 was published for github.com/sylabs/singularity (Go) May 14, 2022
Caddy allows enumeration of Certificates and Hostnames Low
CVE-2018-19148 was published for github.com/caddyserver/caddy (Go) May 14, 2022
Gogs Directory Traversal High
CVE-2018-20303 was published for gogs.io/gogs (Go) May 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database