Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

121 advisories

Loading
Exposure of SSH credentials in Rancher/Fleet Low
GHSA-wm2r-rp98-8pmh was published for github.com/rancher/rancher (Go) Apr 27, 2022
Container build can leak any path on the host into the container Low
GHSA-vp35-85q5-9f25 was published for github.com/moby/moby (Go) Nov 11, 2022
leonwxqian corhere
neersighted
A failed upgrade may lead to hung goroutines Low
GHSA-gmq2-39ff-f5qg was published for github.com/cloudflare/tableflip (Go) May 21, 2021
accounts: Hash account number using Salt Low
GHSA-g636-q5fc-4pr7 was published for github.com/moov-io/customers (Go) May 24, 2021
Import loops in account imports, nats-server DoS Low
GHSA-gwj5-3vfq-q992 was published for github.com/nats-io/nats-server/v2 (Go) May 21, 2021
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client` Low
GHSA-prqf-xr2j-xf65 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy Low
CVE-2021-21291 was published for github.com/oauth2-proxy/oauth2-proxy (Go) May 25, 2021
semoac
Harbor is vulnerable to a limited Server-Side Request Forgery (SSRF) (CVE-2020-13788) Low
CVE-2020-13788 was published for github.com/goharbor/harbor (Go) Feb 11, 2022
MD5 hash support in github.com/foxcpp/maddy Low
GHSA-qh54-9vc5-m9fg was published for github.com/foxcpp/maddy (Go) Oct 12, 2021
devices resource list treated as a blacklist by default Low
GHSA-g54h-m393-cpwq was published for github.com/opencontainers/runc (Go) Dec 20, 2021
cyphar
Local directory executable lookup in sops (Windows-only) Low
GHSA-x5c7-x7m2-rhmf was published for go.mozilla.org/sops/v3 (Go) May 20, 2021
Ry0taK
Network policy may be bypassed by some ICMP Echo Requests Low
GHSA-c66w-hq56-4q97 was published for github.com/cilium/cilium (Go) May 21, 2021
brb kkourt
Clarify `mediaType` handling Low
GHSA-77vh-xpmg-72qh was published for github.com/opencontainers/image-spec (Go) Nov 18, 2021
Cross site scripting via cookies in gogs Low
GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) Jun 2, 2022
Cilium host policy bypass in endpoint-routes mode with dual-stack Low
GHSA-wc5v-r48v-g4vh was published for github.com/cilium/cilium (Go) Jul 15, 2022
pchaigno
personnummer/go vulnerable to Improper Input Validation Low
GHSA-hv53-vf5m-8q94 was published for github.com/personnummer/go (Go) Feb 11, 2022
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery Low
GHSA-9gp7-6833-wv89 was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
etcd vulnerable to TOCTOU of gateway endpoint authentication Low
GHSA-h8g9-6gvh-5mrc was published for go.etcd.io/etcd/v3 (Go) Oct 6, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF Low
CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022
emilytrau JJJollyjim
Traefik may display authorization header in the debug logs Low
CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
GoBase Race Condition vulnerability Low
CVE-2022-2583 was published for github.com/ntbosscher/gobase (Go) Dec 28, 2022
Hashicorp Vault Privilege Escalation Vulnerability Low
CVE-2021-41802 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
teler dashboard vulnerable to DOM-based cross-site scripting (XSS) Low
CVE-2022-23466 was published for teler.app (Go) Dec 6, 2022
Crash due to malformed relay protocol message Low
CVE-2021-21404 was published for github.com/syncthing/syncthing (Go) May 21, 2021
Clarify Content-Type handling Low
CVE-2021-41190 was published for github.com/opencontainers/distribution-spec (Go) Nov 18, 2021
jonjohnsonjr
ProTip! Advisories are also available from the GraphQL API