Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

136 advisories

Loading
cheqd-node affected by Inter-blockchain Communication (IBC) protocol "Huckleberry" vulnerability Low
GHSA-7c94-gvvj-r3mg was published for github.com/cheqd/cheqd-node (Go) Jun 5, 2023
Go package github.com/cosmos/cosmos-sdk module x/crisis does NOT cause chain halt Low
GHSA-qfc5-6r3j-jj22 was published for github.com/cosmos/cosmos-sdk (Go) Jun 2, 2023
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file Low
CVE-2023-32684 was published for github.com/lima-vm/lima (Go) May 31, 2023
etcd Key name can be accessed via LeaseTimeToLive API Low
CVE-2023-32082 was published for github.com/etcd-io/etcd (Go) May 12, 2023
Answer Missing Authorization vulnerability Low
CVE-2023-2590 was published for github.com/answerdev/answer (Go) May 9, 2023
Mutagen list and monitor operations do not neutralize control characters in text controlled by remote endpoints Low
CVE-2023-30844 was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
Under-validated ComSpec and cmd.exe resolution in Mutagen projects Low
GHSA-fwj4-72fm-c93g was published for github.com/mutagen-io/mutagen (Go) May 5, 2023
Hop-by-hop abuse to malform header mutator Low
GHSA-w9mr-28mw-j8hg was published for github.com/ory/oathkeeper (Go) Apr 26, 2023
viters
rootless: `/sys/fs/cgroup` is writable when cgroupns isn't unshared in runc Low
CVE-2023-25809 was published for github.com/opencontainers/runc (Go) Mar 30, 2023
AkihiroSuda
Answer vulnerable to Business Logic Errors Low
CVE-2023-1541 was published for github.com/answerdev/answer (Go) Mar 21, 2023
Panic due to malformed WALs in go.etcd.io/etcd Low
CVE-2020-15106 was published for go.etcd.io/etcd (Go) Feb 7, 2023
GoBase Race Condition vulnerability Low
CVE-2022-2583 was published for github.com/ntbosscher/gobase (Go) Dec 28, 2022
Buildah (as part of Podman) vulnerable to Path Traversal Low
CVE-2022-4123 was published for github.com/containers/podman/v4 (Go) Dec 8, 2022
Traefik may display authorization header in the debug logs Low
CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
teler dashboard vulnerable to DOM-based cross-site scripting (XSS) Low
CVE-2022-23466 was published for teler.app (Go) Dec 6, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF Low
CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022
emilytrau JJJollyjim
Container build can leak any path on the host into the container Low
GHSA-vp35-85q5-9f25 was published for github.com/docker/docker (Go) Nov 11, 2022
leonwxqian corhere
neersighted
HashiCorp Nomad vulnerable to Insufficient Session Expiration Low
CVE-2022-3867 was published for github.com/hashicorp/nomad (Go) Nov 10, 2022
tdunlap607
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery Low
GHSA-9gp7-6833-wv89 was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
etcd user credentials are stored in WAL logs in plaintext Low
GHSA-528j-9r78-wffx was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
tdunlap607
etcd vulnerable to TOCTOU of gateway endpoint authentication Low
GHSA-h8g9-6gvh-5mrc was published for go.etcd.io/etcd/v3 (Go) Oct 6, 2022
Go-tuf Improperly handles multiple key IDs for the same public keys in attacker-controlled metadata Low
GHSA-3633-5h82-39pq was published for github.com/theupdateframework/go-tuf (Go) Sep 16, 2022
cedricvanrompay-datadog
Cilium host policy bypass in endpoint-routes mode with dual-stack Low
GHSA-wc5v-r48v-g4vh was published for github.com/cilium/cilium (Go) Jul 15, 2022
pchaigno
Argo CD SSO users vulnerable to Cross-site Scripting Low
CVE-2022-31102 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
AdamKorcz DavidKorczynski
tdunlap607
Cross site scripting via cookies in gogs Low
GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) Jun 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database