GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
165 advisories
Filter by severity
Improper Locking in github.com/containers/storage
Moderate
CVE-2021-20291
was published
for
github.com/containers/storage
(Go)
May 10, 2021
Kubernetes kubectl cp Vulnerable to Symlink Attack
Moderate
CVE-2019-11251
was published
for
k8s.io/kubernetes
(Go)
May 18, 2021
Path Traversal in MHolt Archiver
Moderate
CVE-2019-10743
was published
for
github.com/mholt/archiver
(Go)
May 18, 2021
Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2
Moderate
CVE-2021-23347
was published
for
github.com/argoproj/argo-cd/v2
(Go)
May 21, 2021
containerd-shim API Exposed to Host Network Containers
Moderate
CVE-2020-15257
was published
for
github.com/containerd/containerd
(Go)
May 24, 2021
opencontainers runc contains procfs race condition with a shared volume mount
Moderate
CVE-2019-19921
was published
for
github.com/opencontainers/runc
(Go)
May 27, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
Moderate
GHSA-jq42-hfch-42f3
was published
for
github.com/hpcng/singularity
(Go)
Jun 1, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint
Moderate
CVE-2021-32635
was published
for
github.com/sylabs/singularity
(Go)
Jun 1, 2021
Kiali Authentication Bypass vulnerability
Moderate
CVE-2021-20278
was published
for
github.com/kiali/kiali
(Go)
Jun 1, 2021
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON
Moderate
CVE-2021-20329
was published
for
go.mongodb.org/mongo-driver
(Go)
Jun 15, 2021
Control character injection in console output in github.com/ipfs/go-ipfs
Moderate
CVE-2020-26283
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings
Moderate
CVE-2021-32699
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network
Moderate
GHSA-6rg3-8h8x-5xfv
was published
for
github.com/pterodactyl/wings
(Go)
Jun 23, 2021
Improper Neutralization of Special Elements in Output in helm.sh/helm/v3
Moderate
CVE-2021-21303
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
Denial of service in github.com/ethereum/go-ethereum
Moderate
CVE-2020-26264
was published
for
github.com/ethereum/go-ethereum
(Go)
Jun 29, 2021
CRLF vulnerability in Fiber
Moderate
CVE-2020-15111
was published
for
github.com/gofiber/fiber
(Go)
Jun 29, 2021
Ethereum Contains Consensus Flaw During Block Processing
Moderate
CVE-2021-39137
was published
for
github.com/ethereum/go-ethereum
(Go)
Aug 30, 2021
Path traversal in Grafana Cortex
Moderate
CVE-2021-36157
was published
for
github.com/cortexproject/cortex
(Go)
Sep 2, 2021
Geth Node Vulnerable to DoS via maliciously crafted p2p message
Moderate
CVE-2021-41173
was published
for
github.com/ethereum/go-ethereum
(Go)
Oct 25, 2021
OctoRPKI crashes when processing GZIP bomb returned via malicious repository
Moderate
CVE-2021-3912
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
Moderate
CVE-2021-3978
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 19, 2021
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC
Moderate
CVE-2021-43784
was published
for
github.com/opencontainers/runc
(Go)
Dec 7, 2021
Excessive Platform Resource Consumption within a Loop in Kubernetes
Moderate
CVE-2019-11254
was published
for
github.com/go-yaml/yaml
(Go)
Dec 20, 2021
Open Redirect in OAuth2 Proxy
Moderate
CVE-2020-4037
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
Dec 20, 2021
Denial of Service in TenderMint
Moderate
CVE-2020-15091
was published
for
github.com/tendermint/tendermint
(Go)
Dec 20, 2021
ProTip!
Advisories are also available from the
GraphQL API