Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

900 advisories

Loading
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
dasMulli
Write access to the catalog for any user when restricted-admin role is enabled in Rancher High
CVE-2021-4200 was published for github.com/rancher/rancher (Go) May 2, 2022
Podman publishes a malicious image to public registries High
CVE-2022-1227 was published for github.com/containers/podman/v3 (Go) Apr 30, 2022
andrewpollock
Disputed: OS Command injection in github.com/kardianos/service High
CVE-2022-29583 was published for github.com/kardianos/service (Go) Apr 23, 2022 withdrawn
masinger
Denial of Service in http-swagger High
CVE-2022-24863 was published for github.com/swaggo/http-swagger (Go) Apr 22, 2022
Hashicorp Consul HTTP health check endpoints returning an HTTP redirect may be abused as SSRF vector High
CVE-2022-29153 was published for github.com/hashicorp/consul (Go) Apr 20, 2022
Insecure plugin handling in Mattermost High
CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
go.etcd.io/etcd Authentication Bypass High
CVE-2018-16886 was published for go.etcd.io/etcd (Go) Apr 12, 2022
Daemon panics when processing certain blocks High
GHSA-mcq2-w56r-5w2w was published for github.com/ipld/go-ipfs (Go) Apr 8, 2022
ipld/go-codec-dagpb panics when processing certain blocks High
GHSA-g3vv-g2j5-45f2 was published for github.com/ipld/go-codec-dagpb (Go) Apr 8, 2022
Access control bypass in Beego High
CVE-2021-30080 was published for github.com/beego/beego (Go) Apr 6, 2022
Privilege escalation in beego High
CVE-2021-27116 was published for github.com/beego/beego (Go) Apr 6, 2022
Privilege escalation in beego High
CVE-2021-27117 was published for github.com/beego/beego (Go) Apr 6, 2022
Podman's default inheritable capabilities for linux container not empty High
CVE-2022-27649 was published for github.com/containers/podman/v4 (Go) Apr 1, 2022
AndrewGMorgan
Improper Input Validation in GoGo Protobuf High
CVE-2021-3121 was published for github.com/gogo/protobuf (Go) Mar 28, 2022
Incorrect Authorization in imgcrypt High
CVE-2022-24778 was published for github.com/containerd/imgcrypt (Go) Mar 28, 2022
dimitar-dimitrow
Unrestricted Upload of File with Dangerous Type in Gogs High
CVE-2022-0415 was published for gogs.io/gogs (Go) Mar 28, 2022
wuhan005
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server High
CVE-2022-24730 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt jessesuen
golang.org/x/crypto/ssh Denial of service via crafted Signer High
CVE-2022-27191 was published for golang.org/x/crypto (Go) Mar 19, 2022
westonsteimel
Denial of service in go-ethereum High
CVE-2021-42219 was published for github.com/ethereum/go-ethereum (Go) Mar 18, 2022
Path traversal in github.com/valyala/fasthttp High
CVE-2022-21221 was published for github.com/valyala/fasthttp (Go) Mar 18, 2022
Code Injection in CRI-O High
CVE-2022-0811 was published for github.com/cri-o/cri-o (Go) Mar 15, 2022
Gogs vulnerable to improper PAM authorization handling High
CVE-2022-0871 was published for gogs.io/gogs (Go) Mar 14, 2022
ysf
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
Gitea Missing Authorization vulnerability High
CVE-2022-0905 was published for code.gitea.io/gitea (Go) Mar 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database