Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,908
Erlang
39
GitHub Actions
38
Go
2,568
Maven
5,000+
npm
4,240
NuGet
754
pip
4,004
Pub
12
RubyGems
953
Rust
1,042
Swift
45
Unreviewed advisories
All unreviewed
5,000+

204 advisories

Loading
personnummer/go vulnerable to Improper Input Validation Low
GHSA-hv53-vf5m-8q94 was published for github.com/personnummer/go (Go) Feb 11, 2022
In-band key negotiation issue in AWS S3 Crypto SDK for golang Low
CVE-2020-8912 was published for github.com/aws/aws-sdk-go (Go) Feb 11, 2022
sophieschmieg
Credited to sophieschmieg
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
OCI Manifest Type Confusion Issue Low
GHSA-qq97-vm5h-rrhg was published for github.com/docker/distribution (Go) Feb 8, 2022
samuelkarp
Credited to samuelkarp
Potential proxy IP restriction bypass in Kubernetes Low
CVE-2020-8562 was published for k8s.io/kubernetes (Go) Feb 2, 2022
enj
Credited to enj
kubectl ANSI escape characters not filtered Low
CVE-2021-25743 was published for k8s.io/kubernetes (Go) Jan 8, 2022
dgl
Credited to dgl
devices resource list treated as a blacklist by default Low
GHSA-g54h-m393-cpwq was published for github.com/opencontainers/runc (Go) Dec 20, 2021
cyphar
Credited to cyphar
Clarify Content-Type handling Low
CVE-2021-41190 was published for github.com/opencontainers/distribution-spec (Go) Nov 18, 2021
jonjohnsonjr
Credited to jonjohnsonjr
Ambiguous OCI manifest parsing Low
GHSA-5j5w-g665-5m35 was published for github.com/containerd/containerd (Go) Nov 18, 2021
tdunlap607
Credited to tdunlap607
Clarify `mediaType` handling Low
GHSA-77vh-xpmg-72qh was published for github.com/opencontainers/image-spec (Go) Nov 18, 2021
Hashicorp Vault Privilege Escalation Vulnerability Low
CVE-2021-41802 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
MD5 hash support in github.com/foxcpp/maddy Low
GHSA-qh54-9vc5-m9fg was published for github.com/foxcpp/maddy (Go) Oct 12, 2021
Confused Deputy in Kubernetes Low
CVE-2021-25740 was published for k8s.io/kubernetes (Go) Sep 21, 2021
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client` Low
GHSA-prqf-xr2j-xf65 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
Plugin archive directory traversal in Helm Low
CVE-2020-4053 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
snoopysecurity
Credited to snoopysecurity
Denial of service in Tendermint Low
CVE-2020-5303 was published for github.com/tendermint/tendermint (Go) May 27, 2021
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy Low
CVE-2021-21291 was published for github.com/oauth2-proxy/oauth2-proxy (Go) May 25, 2021
semoac
Credited to semoac
accounts: Hash account number using Salt Low
GHSA-g636-q5fc-4pr7 was published for github.com/moov-io/customers (Go) May 24, 2021
plugin.yaml file allows for duplicate entries in helm Low
CVE-2020-15187 was published for helm.sh/helm (Go) May 24, 2021
decsecre583
Credited to decsecre583
Improper Sanitizing of plugin names in helm Low
CVE-2020-15186 was published for helm.sh/helm (Go) May 24, 2021
Repository index file allows for duplicates of the same chart entry in helm Low
CVE-2020-15185 was published for helm.sh/helm (Go) May 24, 2021
Aliases are never checked in helm Low
CVE-2020-15184 was published for helm.sh/helm (Go) May 24, 2021
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be Low
GHSA-xg2h-wx96-xgxr was published for github.com/Masterminds/goutils (Go) May 21, 2021
neild
Credited to neild
A failed upgrade may lead to hung goroutines Low
GHSA-gmq2-39ff-f5qg was published for github.com/cloudflare/tableflip (Go) May 21, 2021
Crash due to malformed relay protocol message Low
CVE-2021-21404 was published for github.com/syncthing/syncthing (Go) May 21, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database