GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: All reviewed 5,000+; Composer 3,968; Erlang 29; GitHub Actions 16; Go 1,749; Maven 4,978; npm 3,509; NuGet 609; pip 3,084; Pub 10; RubyGems 832; Rust 782; Swift 34.
Unreviewed advisories: All unreviewed 5,000+.
93 advisories
Initial debug-host handler implementation could leak information and facilitate denial of service (Moderate). GHSA-x477-fq37-q5wr was published for fortio.org/proxy (Go), Jan 27, 2023.
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects (High). CVE-2022-43757 was published for github.com/rancher/rancher (Go), Jan 25, 2023.
Gitops Run insecure communication (High). CVE-2022-23509 was published for github.com/weaveworks/weave-gitops (Go), Jan 9, 2023.
usememos/memos may leak user information to an authenticated user (Moderate). CVE-2022-4734 was published for github.com/usememos/memos (Go), Dec 27, 2022.
Traefik may display authorization header in the debug logs (Low). CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go), Dec 8, 2022.
Tailscale daemon is vulnerable to information disclosure via CSRF (Low). CVE-2022-41925 was published for tailscale.com/cmd (Go), Nov 21, 2022.
Container build can leak any path on the host into the container (Low). GHSA-vp35-85q5-9f25 was published for github.com/moby/moby (Go), Nov 11, 2022.
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code (Critical). CVE-2022-39222 was published for github.com/dexidp/dex (Go), Oct 3, 2022.
Mattermost users could access some sensitive information via API call (Moderate). CVE-2022-2401 was published for github.com/mattermost/mattermost-server/v6 (Go), Jul 15, 2022.
Weave GitOps leaked cluster credentials into logs on connection errors (Critical). CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go), Jun 23, 2022.
Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users (Moderate). CVE-2022-31066 was published for github.com/edgexfoundry/app-functions-sdk-go/v2 (Go), Jun 17, 2022.
Ignition config accessible to unprivileged software on VMware (Moderate). CVE-2022-1706 was published for github.com/coreos/ignition (Go), May 25, 2022.
Argo CD will blindly trust JWT claims if anonymous access is enabled (Critical). CVE-2022-29165 was published for github.com/argoproj/argo-cd (Go), May 24, 2022.
Grafana world readable configuration files (Moderate). CVE-2020-12459 was published for github.com/grafana/grafana (Go), May 24, 2022.
Argo Exposure of Sensitive Information (Moderate). CVE-2018-21034 was published for github.com/argoproj/argo-cd (Go), May 24, 2022.
kube-state-metrics may expose secret content in metrics (Moderate). CVE-2019-10223 was published for k8s.io/kube-state-metrics (Go), May 24, 2022.
Duplicate advisory: Configuration exposure in github.com/coreos/ignition (Moderate). GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go), May 18, 2022 (withdrawn).
Caddy allows enumeration of Certificates and Hostnames (Low). CVE-2018-19148 was published for github.com/caddyserver/caddy (Go), May 14, 2022.
Singularity Incorrect Access Control (Moderate). CVE-2018-12021 was published for github.com/hpcng/singularity (Go), May 14, 2022.
Exposure of repository credentials to external third-party sources in Rancher (High). CVE-2021-36778 was published for github.com/rancher/rancher (Go), May 2, 2022.
Exposure of SSH credentials in Rancher/Fleet (Low). GHSA-wm2r-rp98-8pmh was published for github.com/rancher/rancher (Go), Apr 27, 2022.
Improper Privilege Management in Mattermost (Moderate). CVE-2022-1332 was published for github.com/mattermost/mattermost-server/v5 (Go), Apr 14, 2022.
Information Exposure in Kubernetes (Moderate). CVE-2015-7528 was published for github.com/kubernetes/kubernetes (Go), Apr 12, 2022.
Improper access control allows admin privilege escalation in Argo CD (Critical). CVE-2022-24768 was published for github.com/argoproj/argo-cd (Go), Mar 24, 2022.
containerd CRI plugin: Insecure handling of image volumes (High). CVE-2022-23648 was published for github.com/containerd/containerd (Go), Mar 2, 2022.
ProTip! Advisories are also available from the GraphQL API.