Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

344 advisories

Loading
Potential inter-blockchain communication (IBC) protocol compromise via "Dragonberry" vulnerability in cheqd High
GHSA-j92c-mmf7-j5x5 was published for github.com/cheqd/cheqd-node (Go) Oct 18, 2022
Control character injection in console output in github.com/ipfs/go-ipfs Moderate
CVE-2020-26283 was published for github.com/ipfs/go-ipfs (Go) Jun 23, 2021
tintinweb
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
GHSA-jq42-hfch-42f3 was published for github.com/hpcng/singularity (Go) Jun 1, 2021
Lookup function information discolosure in helm High
CVE-2020-11013 was published for helm.sh/helm/v3 (Go) May 27, 2021
devices resource list treated as a blacklist by default Low
GHSA-g54h-m393-cpwq was published for github.com/opencontainers/runc (Go) Dec 20, 2021
cyphar
Local directory executable lookup in sops (Windows-only) Low
GHSA-x5c7-x7m2-rhmf was published for go.mozilla.org/sops/v3 (Go) May 20, 2021
Ry0taK
Improper input validation in umoci Moderate
CVE-2021-29136 was published for github.com/opencontainers/umoci (Go) Feb 15, 2022
Open Redirect in OAuth2 Proxy Moderate
CVE-2020-4037 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network Moderate
GHSA-6rg3-8h8x-5xfv was published for github.com/pterodactyl/wings (Go) Jun 23, 2021
Incorrect validation of parties IDs leaks secret keys in Secret-sharing scheme Critical
GHSA-gp6j-vx54-5pmf was published for github.com/keep-network/keep-ecdsa (Go) Jan 6, 2022
Denial of service via insufficient metadata validation Moderate
GHSA-p93v-m2r2-4387 was published for github.com/google/fscrypt (Go) Mar 1, 2022
mgerstner
Possible privilege escalation via bash completion script Moderate
GHSA-w4f8-fxq2-j35v was published for github.com/google/fscrypt (Go) Mar 1, 2022
mgerstner
SSRF in repository migration Moderate
GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) Mar 14, 2022
michaellrowley
Sysctls applied to containers with host IPC or host network namespaces can affect the host Moderate
GHSA-w2j5-3rcx-vx7x was published for github.com/cri-o/cri-o (Go) Mar 15, 2022
haircommander
Daemon panics when processing certain blocks High
GHSA-mcq2-w56r-5w2w was published for github.com/ipld/go-ipfs (Go) Apr 8, 2022
OS Command Injection in gogs Critical
CVE-2022-1884 was published for gogs.io/gogs (Go) Jun 2, 2022
1135
Cross site scripting via cookies in gogs Low
GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) Jun 2, 2022
GitHub CLI can execute a git binary from the current directory Moderate
GHSA-fqfh-778m-2v32 was published for github.com/cli/cli (Go) Feb 11, 2022
dawidgolunski avivdolev
Execution Control List (ECL) Is Insecure in Singularity High
CVE-2020-13845 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
tri-adam
"Verify All" Returns Success Despite Validation Failures in Singularity High
CVE-2020-13846 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
truatpasteurdotfr
Controller reconciles apps outside configured namespaces when sharding is enabled High
CVE-2023-22736 was published for github.com/argoproj/argo-cd (Go) Jan 25, 2023
czchen crenshaw-dev
SSRF in repository migration Moderate
CVE-2022-0870 was published for gogs.io/gogs (Go) Mar 12, 2022
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server High
CVE-2022-24730 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt jessesuen
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database