GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
60 advisories
DoS through large manifest files in Argo CD
Moderate
CVE-2022-31016
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Moderate
CVE-2022-31036
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Argo CD's external URLs for Deployments can include JavaScript
Critical
CVE-2022-31035
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
High
CVE-2022-31034
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Insecure path traversal in Git Trigger Source can lead to arbitrary file read
High
CVE-2022-25856
was published
for
github.com/argoproj/argo-events
(Go)
Jun 17, 2022
Uses of deprecated API can be used to cause DoS in user-facing endpoints
High
CVE-2022-31054
was published
for
github.com/argoproj/argo-events
(Go)
Jun 17, 2022
containerd CRI plugin: Host memory exhaustion through ExecSync
Moderate
CVE-2022-31030
was published
for
github.com/containerd/containerd
(Go)
Jun 6, 2022
Node DOS by way of memory exhaustion through ExecSync request in CRI-O
High
CVE-2022-1708
was published
for
github.com/cri-o/cri-o
(Go)
Jun 6, 2022
Unauthenticated control plane denial of service attack in Istio
High
CVE-2022-23635
was published
for
istio.io/istio
(Go)
Feb 23, 2022
Privilege escalation to cluster admin on multi-tenant environments
High
CVE-2021-41254
was published
for
github.com/fluxcd/kustomize-controller
(Go)
Nov 15, 2021
ProTip!
Advisories are also available from the
GraphQL API