Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

902 advisories

Loading
NULL Pointer Dereference in Kubernetes CSI snapshot-controller Moderate
CVE-2020-8569 was published for github.com/kubernetes-csi/external-snapshotter/v2 (Go) Feb 15, 2022
Import of incorrectly embargoed keys could cause early publication Moderate
GHSA-3wxm-m9m4-cprj was published for github.com/google/exposure-notifications-server (Go) May 21, 2021
DNS Rebinding in etcd Moderate
CVE-2018-1099 was published for go.etcd.io/etcd (Go) Feb 15, 2022
Control character injection in console output in github.com/ipfs/go-ipfs Moderate
CVE-2020-26283 was published for github.com/ipfs/go-ipfs (Go) Jun 23, 2021
tintinweb
Man-in-the-Middle (MitM) Moderate
CVE-2014-5277 was published for github.com/docker/docker (Go) Feb 15, 2022
On Windows, `git-sizer` might run a `git` executable within the repository being analyzed Moderate
GHSA-57q7-rxqq-7vgp was published for github.com/github/git-sizer (Go) Feb 15, 2022
Attack on Kubernetes via Misconfigured Argo Workflows Moderate
GHSA-rc7p-gmvh-xfx2 was published for github.com/argoproj/argo-workflows (Go) Aug 2, 2021
Information Exposure in RunC Moderate
CVE-2016-9962 was published for github.com/opencontainers/runc (Go) Dec 20, 2021
Access Restriction Bypass in Docker Moderate
CVE-2014-6408 was published for github.com/docker/docker (Go) Feb 15, 2022
Denial of Service in docker2aci Moderate
CVE-2016-8579 was published for github.com/appc/docker2aci (Go) Feb 15, 2022
Cross-site Scripting in Gogs Moderate
CVE-2014-8683 was published for gogs.io/gogs (Go) Jun 29, 2021
Directory Traversal in Docker Moderate
CVE-2014-9358 was published for github.com/docker/docker (Go) Feb 15, 2022
Open Redirect Moderate
CVE-2018-15178 was published for gogs.io/gogs (Go) Jun 29, 2021
Insecure Permissions in Gogs Moderate
CVE-2020-14958 was published for gogs.io/gogs (Go) May 18, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
GHSA-jq42-hfch-42f3 was published for github.com/hpcng/singularity (Go) Jun 1, 2021
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements Moderate
CVE-2020-11091 was published for github.com/weaveworks/weave (Go) May 27, 2021
The pattern '/\domain.com' is not disallowed when redirecting, allowing for open redirect Moderate
CVE-2020-5233 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
Argo Server TLS requests could be forged by attacker with network access Moderate
GHSA-6c73-2v8x-qpvm was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
Symlink Attack in Libcontainer and Docker Engine Moderate
CVE-2015-3627 was published for github.com/docker/docker (Go) Feb 15, 2022
Improper input validation in umoci Moderate
CVE-2021-29136 was published for github.com/opencontainers/umoci (Go) Feb 15, 2022
"catalog's registry v2 api exposed on unauthenticated path in Harbor" Moderate
CVE-2020-29662 was published for github.com/goharbor/harbor (Go) Feb 12, 2022
Helm OCI credentials leaked into Argo CD logs Moderate
GHSA-6w87-g839-9wv7 was published for github.com/argoproj/argo-cd (Go) May 21, 2021
Open Redirect in OAuth2 Proxy Moderate
CVE-2020-4037 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network Moderate
GHSA-6rg3-8h8x-5xfv was published for github.com/pterodactyl/wings (Go) Jun 23, 2021
User object created with invalid provider data in GoTrue Moderate
GHSA-wpfr-6297-9v57 was published for github.com/netlify/gotrue (Go) Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API