Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

134 advisories

Loading
Kubernetes in OpenShift3 Access Control Misconfiguration Low
CVE-2015-7561 was published for k8s.io/kubernetes (Go) May 13, 2022
Exposure of SSH credentials in Rancher/Fleet Low
GHSA-wm2r-rp98-8pmh was published for github.com/rancher/rancher (Go) Apr 27, 2022
Improper Certificate Validation in Cosign Low
CVE-2022-23649 was published for github.com/sigstore/cosign (Go) Feb 22, 2022
znewman01 dlorenc
mattmoor priyawadhwa mtrmac nsmith5
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki Low
GHSA-8459-6rc9-8vf8 was published for github.com/cloudflare/cfrpki (Go) Feb 14, 2022
gobase subject to Incorrect routing of some HTTP requests when using httpauth due to a race condition Low
GHSA-h2x7-2ff6-v32p was published for github.com/ntbosscher/gobase (Go) Feb 11, 2022
personnummer/go vulnerable to Improper Input Validation Low
GHSA-hv53-vf5m-8q94 was published for github.com/personnummer/go (Go) Feb 11, 2022
In-band key negotiation issue in AWS S3 Crypto SDK for golang Low
CVE-2020-8912 was published for github.com/aws/aws-sdk-go (Go) Feb 11, 2022
sophieschmieg
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
OCI Manifest Type Confusion Issue Low
GHSA-qq97-vm5h-rrhg was published for github.com/docker/distribution (Go) Feb 8, 2022
samuelkarp
Potential proxy IP restriction bypass in Kubernetes Low
CVE-2020-8562 was published for k8s.io/kubernetes (Go) Feb 2, 2022
enj
kubectl ANSI escape characters not filtered Low
CVE-2021-25743 was published for k8s.io/kubernetes (Go) Jan 8, 2022
dgl
devices resource list treated as a blacklist by default Low
GHSA-g54h-m393-cpwq was published for github.com/opencontainers/runc (Go) Dec 20, 2021
cyphar
Clarify Content-Type handling Low
CVE-2021-41190 was published for github.com/opencontainers/distribution-spec (Go) Nov 18, 2021
jonjohnsonjr
Ambiguous OCI manifest parsing Low
GHSA-5j5w-g665-5m35 was published for github.com/containerd/containerd (Go) Nov 18, 2021
tdunlap607
Clarify `mediaType` handling Low
GHSA-77vh-xpmg-72qh was published for github.com/opencontainers/image-spec (Go) Nov 18, 2021
Hashicorp Vault Privilege Escalation Vulnerability Low
CVE-2021-41802 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
MD5 hash support in github.com/foxcpp/maddy Low
GHSA-qh54-9vc5-m9fg was published for github.com/foxcpp/maddy (Go) Oct 12, 2021
Confused Deputy in Kubernetes Low
CVE-2021-25740 was published for k8s.io/kubernetes (Go) Sep 21, 2021
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client` Low
GHSA-prqf-xr2j-xf65 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
Plugin archive directory traversal in Helm Low
CVE-2020-4053 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
snoopysecurity
Denial of service in Tendermint Low
CVE-2020-5303 was published for github.com/tendermint/tendermint (Go) May 27, 2021
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy Low
CVE-2021-21291 was published for github.com/oauth2-proxy/oauth2-proxy (Go) May 25, 2021
semoac
accounts: Hash account number using Salt Low
GHSA-g636-q5fc-4pr7 was published for github.com/moov-io/customers (Go) May 24, 2021
plugin.yaml file allows for duplicate entries in helm Low
CVE-2020-15187 was published for helm.sh/helm (Go) May 24, 2021
Improper Sanitizing of plugin names in helm Low
CVE-2020-15186 was published for helm.sh/helm (Go) May 24, 2021
ProTip! Advisories are also available from the GraphQL API