Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,500 advisories

Loading
Privilege escalation in beego High
CVE-2021-27117 was published for github.com/beego/beego (Go) Apr 6, 2022
Privilege escalation in beego High
CVE-2021-27116 was published for github.com/beego/beego (Go) Apr 6, 2022
Smokescreen SSRF via deny list bypass Moderate
CVE-2022-24825 was published for github.com/stripe/smokescreen (Go) Apr 7, 2022
gregxsunday
ipld/go-codec-dagpb panics when processing certain blocks High
GHSA-g3vv-g2j5-45f2 was published for github.com/ipld/go-codec-dagpb (Go) Apr 8, 2022
Daemon panics when processing certain blocks High
GHSA-mcq2-w56r-5w2w was published for github.com/ipld/go-ipfs (Go) Apr 8, 2022
Information Exposure in Kubernetes Moderate
CVE-2015-7528 was published for github.com/kubernetes/kubernetes (Go) Apr 12, 2022
go.etcd.io/etcd Authentication Bypass High
CVE-2018-16886 was published for go.etcd.io/etcd (Go) Apr 12, 2022
Resource exhaustion in Mattermost Moderate
CVE-2022-1337 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 14, 2022
Improper Privilege Management in Mattermost Moderate
CVE-2022-1332 was published for github.com/mattermost/mattermost-server/v5 (Go) Apr 14, 2022
kurt-r2c
Insecure plugin handling in Mattermost High
CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
Improper Control of a Resource Through its Lifetime in Mattermost Moderate
CVE-2022-1385 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector High
CVE-2022-29153 was published for github.com/hashicorp/consul (Go) Apr 20, 2022
Git LFS can execute a binary from the current directory on Windows Critical
CVE-2022-24826 was published for github.com/git-lfs/git-lfs (Go) Apr 22, 2022
yuske
Incorrect Default Permissions in CRI-O Moderate
CVE-2022-27652 was published for github.com/cri-o/cri-o (Go) Apr 22, 2022
AndrewGMorgan
Denial of Service in http-swagger High
CVE-2022-24863 was published for github.com/swaggo/http-swagger (Go) Apr 22, 2022
Disputed: OS Command injection in github.com/kardianos/service High
CVE-2022-29583 was published for github.com/kardianos/service (Go) Apr 23, 2022 withdrawn
masinger
Exposure of SSH credentials in Rancher/Fleet Low
GHSA-wm2r-rp98-8pmh was published for github.com/rancher/rancher (Go) Apr 27, 2022
Insertion of Sensitive Information into Log File in Hashicorp go-getter Moderate
CVE-2022-29810 was published for github.com/hashicorp/go-getter (Go) Apr 28, 2022
jhutchings1
Woodpecker allows cross-site scripting (XSS) via build logs Moderate
CVE-2022-29947 was published for github.com/woodpecker-ci/woodpecker (Go) Apr 30, 2022
Podman publishes a malicious image to public registries High
CVE-2022-1227 was published for github.com/containers/podman/v3 (Go) Apr 30, 2022
andrewpollock
Write access to the catalog for any user when restricted-admin role is enabled in Rancher High
CVE-2021-4200 was published for github.com/rancher/rancher (Go) May 2, 2022
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
dasMulli
Privilege escalation for users with create/update permissions in Global Roles in Rancher Moderate
CVE-2021-36784 was published for github.com/rancher/rancher (Go) May 2, 2022
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF) High
CVE-2022-25850 was published for github.com/hoppscotch/proxyscotch (Go) May 3, 2022
Arbitrary file deletion in gitea High
CVE-2022-27313 was published for code.gitea.io/gitea (Go) May 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database