Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,517
Maven
5,000+
npm
4,150
NuGet
736
pip
3,952
Pub
12
RubyGems
946
Rust
1,026
Swift
39
Unreviewed advisories
All unreviewed
5,000+

908 advisories

Loading
Shoutrrr util package DoS via sending 2000, 4000, or 6000 character messages High
CVE-2022-25891 was published for github.com/containrrr/shoutrrr (Go) Jul 16, 2022
Argo CD improper access control bug can allow malicious user to escalate privileges to admin level High
CVE-2022-1025 was published for github.com/argoproj/argo-cd (Go) Jul 13, 2022
aws-iam-authenticator allow-listed IAM identity may be able to modify their username, escalate privileges before v0.5.9 High
CVE-2022-2385 was published for sigs.k8s.io/aws-iam-authenticator (Go) Jul 13, 2022
tdunlap607
Argo CD certificate verification is skipped for connections to OIDC providers High
CVE-2022-31105 was published for github.com/argoproj/argo-cd (Go) Jul 12, 2022
jannfis crenshaw-dev
DavidKorczynski AdamKorcz
Hyperledger Fabric vulnerable to Improper Input Validation in orderer/common/cluster consensus request High
CVE-2022-31121 was published for github.com/hyperledger/fabric (Go) Jul 8, 2022
fatal0
Insufficient Session Expiration in Nakama High
CVE-2022-2306 was published for github.com/heroiclabs/nakama (Go) Jul 6, 2022
Denial of service in Open Policy Agent High
CVE-2022-33082 was published for github.com/open-policy-agent/opa (Go) Jul 1, 2022
srenatus kurt-r2c
Path traversal mitigation bypass in OctoRPKI High
GHSA-3jhm-87m6-x959 was published for github.com/cloudflare/cfrpki (Go) Jun 25, 2022
wuhan005 iifiigii
Query predicate bypass in Zalando Skipper High
CVE-2022-34296 was published for github.com/zalando/skipper (Go) Jun 24, 2022
tdunlap607
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params High
CVE-2022-31034 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
crenshaw-dev jgwest
AdamKorcz DavidKorczynski
Insecure path traversal in Git Trigger Source can lead to arbitrary file read High
CVE-2022-25856 was published for github.com/argoproj/argo-events (Go) Jun 17, 2022
DavidKorczynski AdamKorcz
Uses of deprecated API can be used to cause DoS in user-facing endpoints High
CVE-2022-31054 was published for github.com/argoproj/argo-events (Go) Jun 17, 2022
DavidKorczynski AdamKorcz
Path Traversal in Git HTTP endpoints in Gogs High
CVE-2022-1993 was published for gogs.io/gogs (Go) Jun 8, 2022
Sim4n6
Node DOS by way of memory exhaustion through ExecSync request in CRI-O High
CVE-2022-1708 was published for github.com/cri-o/cri-o (Go) Jun 6, 2022
DavidKorczynski AdamKorcz
TiDB authentication bypass vulnerability High
CVE-2022-31011 was published for github.com/pingcap/tidb (Go) Jun 6, 2022
Server-Side Request Forgery in gogs webhook High
CVE-2022-1285 was published for gogs.io/gogs (Go) Jun 3, 2022
am0o0
Arbitrary command execution in Minidoc High
CVE-2022-29637 was published for github.com/mindoc-org/mindoc (Go) May 27, 2022
HashiCorp go-getter unsafe downloads could lead to asymmetric resource exhaustion High
CVE-2022-30323 was published for github.com/hashicorp/go-getter (Go) May 26, 2022
HashiCorp go-getter unsafe downloads could lead to arbitrary host access High
CVE-2022-30322 was published for github.com/hashicorp/go-getter (Go) May 26, 2022
HashiCorp go-getter unsafe downloads High
CVE-2022-30321 was published for github.com/hashicorp/go-getter (Go) May 26, 2022
Arbitrary file read in ginadmin High
CVE-2022-30428 was published for github.com/gphper/ginadmin (Go) May 26, 2022
Path traversal in ginadmin High
CVE-2022-30427 was published for github.com/gphper/ginadmin (Go) May 26, 2022
NULL Pointer Dereference in HyperLedger Fabric High
CVE-2021-43667 was published for github.com/hyperledger/fabric (Go) May 25, 2022
Denial of Service in jsonparser High
CVE-2020-35381 was published for github.com/buger/jsonparser (Go) May 25, 2022
Duplicate Advisory: ReDoS via crafted JSON input in GJSON High
CVE-2021-42248 was published for github.com/tidwall/gjson (Go) May 25, 2022 withdrawn
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database