GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Path traversal mitigation bypass in OctoRPKI (High): GHSA-3jhm-87m6-x959 was published for github.com/cloudflare/cfrpki (Go) on Jun 25, 2022
Denial of service in Open Policy Agent (High): CVE-2022-33082 was published for github.com/open-policy-agent/opa (Go) on Jul 1, 2022
Insufficient Session Expiration in Nakama (High): CVE-2022-2306 was published for github.com/heroiclabs/nakama (Go) on Jul 6, 2022
Hyperledger Fabric vulnerable to Improper Input Validation in orderer/common/cluster consensus request (High): CVE-2022-31121 was published for github.com/hyperledger/fabric (Go) on Jul 8, 2022
Argo CD certificate verification is skipped for connections to OIDC providers (High): CVE-2022-31105 was published for github.com/argoproj/argo-cd (Go) on Jul 12, 2022
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9 (High): CVE-2022-2385 was published for sigs.k8s.io/aws-iam-authenticator (Go) on Jul 13, 2022
Argo CD improper access control bug can allow malicious user to escalate privileges to admin level (High): CVE-2022-1025 was published for github.com/argoproj/argo-cd (Go) on Jul 13, 2022
Shoutrrr util package DoS via sending 2000, 4000, or 6000 character messages (High): CVE-2022-25891 was published for github.com/containrrr/shoutrrr (Go) on Jul 16, 2022
Withdrawn Advisory: Out-of-bounds Read can lead to client side denial of service (High): CVE-2022-34037 was published for github.com/caddyserver/caddy (Go) on Jul 23, 2022 (withdrawn)
Atlantis Events vulnerable to Timing Attack (High): CVE-2022-24912 was published for github.com/runatlantis/atlantis (Go) on Jul 30, 2022
graphql-go has infinite recursion in the type definition parser (High): CVE-2022-37315 was published for github.com/graphql-go/graphql (Go) on Aug 2, 2022
PolicyController before 0.2.1 may bypass attestation verification (High): CVE-2022-35930 was published for github.com/sigstore/policy-controller (Go) on Aug 10, 2022
cosign's `cosign verify-attestation --type` can report a false positive if any attestation exists (High): CVE-2022-35929 was published for github.com/sigstore/cosign (Go) on Aug 10, 2022
Cronos vulnerable to DoS through unintended Contract Selfdestruct (High): GHSA-gwj5-wp6r-5q9f was published for github.com/crypto-org-chain/cronos (Go) on Aug 11, 2022
HashiCorp Consul Template could reveal Vault secret contents in error messages (High): CVE-2022-38149 was published for github.com/hashicorp/consul-template (Go) on Aug 18, 2022
Ethermint vulnerable to DoS through unintended Contract Selfdestruct (High): CVE-2022-35936 was published for github.com/Kava-Labs/kava (Go) on Aug 18, 2022
Improper token validation leading to code execution in Teleport (High): CVE-2022-36633 was published for github.com/gravitational/teleport (Go) on Aug 25, 2022
Broken Authorization in ZITADEL Actions (High): CVE-2022-36051 was published for github.com/zitadel/zitadel (Go) on Aug 30, 2022
Flux CLI Workload Injection (High): CVE-2022-36035 was published for github.com/fluxcd/flux2 (Go) on Sep 1, 2022
elrond-go MultiESDTNFTTransfer call on a SC address with missing function name (High): CVE-2022-36058 was published for github.com/ElrondNetwork/elrond-go (Go) on Sep 1, 2022
golang.org/x/net/http2 Denial of Service vulnerability (High): CVE-2022-27664 was published for golang.org/x/net (Go) on Sep 7, 2022
x/crypto/ssh vulnerable to panic via malformed packets (High): CVE-2021-43565 was published for golang.org/x/crypto (Go) on Sep 7, 2022
Podman's incorrect handling of the supplementary groups may lead to data disclosure, modification (High): CVE-2022-2989 was published for github.com/containers/podman/v3 (Go) on Sep 14, 2022
Buildah's incorrect handling of the supplementary groups may lead to data disclosure, modification (High): CVE-2022-2990 was published for github.com/containers/buildah (Go) on Sep 14, 2022
KubeVirt vulnerable to arbitrary file read on host (High): GHSA-qv98-3369-g364 was published for kubevirt.io/kubevirt (Go) on Sep 15, 2022