GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
2,493 advisories
Privilege escalation to cluster admin on multi-tenant environments
High
CVE-2021-41254
was published
for
github.com/fluxcd/kustomize-controller
(Go)
Nov 15, 2021
Authentication bypass issue in the Operator Console
High
CVE-2021-41266
was published
for
github.com/minio/console
(Go)
Nov 15, 2021
Ambiguous OCI manifest parsing
Low
GHSA-5j5w-g665-5m35
was published
for
github.com/containerd/containerd
(Go)
Nov 18, 2021
Clarify Content-Type handling
Low
CVE-2021-41190
was published
for
github.com/opencontainers/distribution-spec
(Go)
Nov 18, 2021
Improper Preservation of Permissions in github.com/cloudflare/cfrpki/cmd/octorpki
High
CVE-2021-3978
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 19, 2021
Broken encryption in EdgeX Foundry
Moderate
CVE-2021-41278
was published
for
github.com/edgexfoundry/app-functions-sdk-go
(Go)
Nov 19, 2021
Cross-site Scripting in github.com/schollz/rwtxt
Moderate
CVE-2021-20848
was published
for
github.com/schollz/rwtxt
(Go)
Nov 29, 2021
Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration in RunC
Moderate
CVE-2021-43784
was published
for
github.com/opencontainers/runc
(Go)
Dec 7, 2021
Unsafe inline XSS in pasting DOM element into chat
High
CVE-2021-39183
was published
for
github.com/owncast/owncast
(Go)
Dec 14, 2021
Critical security issues in XML encoding in github.com/dexidp/dex
Critical
CVE-2020-26290
was published
for
github.com/dexidp/dex
(Go)
Dec 20, 2021
GitLab auth uses full name instead of username as user ID, allowing impersonation
High
CVE-2020-5415
was published
for
github.com/concourse/concourse
(Go)
Dec 20, 2021
ProTip!
Advisories are also available from the
GraphQL API