Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,750
Maven
5,000+
npm
4,353
NuGet
765
pip
4,114
Pub
12
RubyGems
960
Rust
1,069
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,750 advisories

Loading
Use of Hard-coded Cryptographic Key in Netmaker High
CVE-2022-0664 was published for github.com/gravitl/netmaker (Go) Feb 19, 2022
Arbitrary file reads in HashiCorp Nomad High
CVE-2022-24683 was published for github.com/hashicorp/nomad (Go) Feb 18, 2022
tdunlap607
Credited to tdunlap607
Improper Validation of Certificate with Host Mismatch in mellium.im/xmpp/websocket Moderate
CVE-2022-24968 was published for mellium.im/xmpp (Go) Feb 16, 2022
moparisthebest
Credited to moparisthebest
Skip the router TLS configuration when the host header is an FQDN High
CVE-2022-23632 was published for github.com/traefik/traefik/v2 (Go) Feb 16, 2022
bawolff
Credited to bawolff
Uncontrolled Resource Consumption in promhttp High
CVE-2022-21698 was published for github.com/prometheus/client_golang (Go) Feb 16, 2022
dgl
Credited to dgl
Nomad Spread Job Stanza May Trigger Panic in Servers Moderate
CVE-2022-24684 was published for github.com/hashicorp/nomad (Go) Feb 16, 2022
westonsteimel
Credited to westonsteimel
Istio may not check inbound TCP connections against istio-policy High
CVE-2019-12243 was published for istio.io/istio (Go) Feb 15, 2022
Arbitrary Code Execution High
CVE-2014-9357 was published for github.com/docker/docker (Go) Feb 15, 2022
On Windows, `git-sizer` might run a `git` executable within the repository being analyzed Moderate
GHSA-57q7-rxqq-7vgp was published for github.com/github/git-sizer (Go) Feb 15, 2022
Denial of Service in docker2aci Moderate
CVE-2016-8579 was published for github.com/appc/docker2aci (Go) Feb 15, 2022
Link Following in Kata Runtime High
CVE-2020-2026 was published for github.com/kata-containers/runtime (Go) Feb 15, 2022
Man-in-the-Middle (MitM) Moderate
CVE-2014-5277 was published for github.com/docker/docker (Go) Feb 15, 2022
NULL Pointer Dereference in Kubernetes CSI snapshot-controller Moderate
CVE-2020-8569 was published for github.com/kubernetes-csi/external-snapshotter/v2 (Go) Feb 15, 2022
Privilege Escalation in Kubernetes Critical
CVE-2018-1002105 was published for github.com/kubernetes/kubernetes (Go) Feb 15, 2022
Infinite loop in Yubico yubihsm-connector High
CVE-2021-28484 was published for github.com/Yubico/yubihsm-connector (Go) Feb 15, 2022
Arbitrary redirects under /new endpoint Moderate
CVE-2021-29622 was published for github.com/prometheus/prometheus (Go) Feb 15, 2022
dodek
Credited to dodek
flynn/noise has improper nonce handling yielding potential state DoS Moderate
GHSA-g9mp-8g3h-3c5c was published for github.com/flynn/noise (Go) Feb 15, 2022
Access Restriction Bypass in go-ldap High
CVE-2017-14623 was published for github.com/go-ldap/ldap (Go) Feb 15, 2022
containers/image library Insufficiently Protects Credentials Moderate
CVE-2019-10214 was published for github.com/containers/image (Go) Feb 15, 2022
Improper Input Validation and Excessive Iteration in Go Facebook Thrift High
CVE-2019-3564 was published for github.com/facebook/fbthrift (Go) Feb 15, 2022
oliverchang
Credited to oliverchang
Arbitrary File Write via Archive Extraction in mholt/archiver Moderate
CVE-2018-1002207 was published for github.com/mholt/archiver (Go) Feb 15, 2022
avivdolev
Credited to avivdolev
Pivotal Concourse SQL Injection Vulnerability High
CVE-2019-3792 was published for github.com/concourse/concourse (Go) Feb 15, 2022
Gitea Remote Code Execution High
CVE-2019-11229 was published for github.com/go-gitea/gitea (Go) Feb 15, 2022
Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2 High
GHSA-9r5x-fjv3-q6h4 was published for github.com/nats-io/jwt (Go) Feb 15, 2022 withdrawn
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25834 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database