Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,119
NuGet
735
pip
3,941
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

900 advisories

Loading
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25835 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
containernetworking/cni improper limitation of path name High
CVE-2021-20206 was published for github.com/containernetworking/cni (Go) Feb 15, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25834 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
Improper Input Validation and Excessive Iteration in Go Facebook Thrift High
CVE-2019-3564 was published for github.com/facebook/fbthrift (Go) Feb 15, 2022
oliverchang
Information Exposure in Docker Engine High
CVE-2015-3630 was published for github.com/docker/docker (Go) Feb 15, 2022
neersighted
Arbitrary File Write in Libcontainer High
CVE-2015-3629 was published for github.com/docker/docker (Go) Feb 15, 2022
Denial of Service in Packetbeat High
CVE-2017-11480 was published for github.com/elastic/beats (Go) Feb 15, 2022
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server High
CVE-2021-21403 was published for github.com/kongchuanhujiao/server (Go) Feb 15, 2022
qianjunakasumi
Improper Authentication in Kubernetes High
CVE-2020-8558 was published for k8s.io/kubernetes (Go) Feb 15, 2022
halfcrazy
Cryptographic Issues in ECK High
CVE-2020-7010 was published for github.com/elastic/cloud-on-k8s (Go) Feb 15, 2022
Information Exposure in Heketi High
CVE-2017-15104 was published for github.com/heketi/heketi (Go) Feb 15, 2022
Denial of Service in Bytom High
CVE-2018-18206 was published for github.com/bytom/bytom (Go) Feb 15, 2022
Access Restriction Bypass in go-ldap High
CVE-2017-14623 was published for github.com/go-ldap/ldap (Go) Feb 15, 2022
Infinite loop in Yubico yubihsm-connector High
CVE-2021-28484 was published for github.com/Yubico/yubihsm-connector (Go) Feb 15, 2022
Istio may not check inbound TCP connections against istio-policy High
CVE-2019-12243 was published for istio.io/istio (Go) Feb 15, 2022
Arbitrary Code Execution High
CVE-2014-9357 was published for github.com/docker/docker (Go) Feb 15, 2022
Link Following in Kata Runtime High
CVE-2020-2026 was published for github.com/kata-containers/runtime (Go) Feb 15, 2022
Arbitrary Code Execution in Docker High
CVE-2014-6407 was published for github.com/docker/docker (Go) Feb 15, 2022
Privilege Escalation in Docker High
CVE-2014-3499 was published for github.com/docker/docker (Go) Feb 15, 2022
Denial of Service in Gitea High
CVE-2020-13246 was published for github.com/go-gitea/gitea (Go) Feb 15, 2022
Zip slip directory exploit in github.com/deislabs/oras High
CVE-2021-21272 was published for github.com/deislabs/oras (Go) Feb 15, 2022
smowton
Git LFS can execute a Git binary from the current directory on Windows High
CVE-2021-21237 was published for github.com/git-lfs/git-lfs (Go) Feb 15, 2022
Ry0taK
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
SAML authentication vulnerability due to stdlib XML parsing High
CVE-2020-26276 was published for github.com/fleetdm/fleet/v4 (Go) Feb 11, 2022
Nil dereference in NATS JWT, DoS of nats-server High
CVE-2020-26521 was published for github.com/nats-io/jwt (Go) Feb 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database