Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,866
Erlang
36
GitHub Actions
36
Go
2,491
Maven
5,000+
npm
4,114
NuGet
735
pip
3,934
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,134 advisories

Loading
Go Ethereum allows attackers to use manipulation of time-difference values to achieve replacement of main-chain blocks Moderate
CVE-2022-37450 was published for github.com/ethereum/go-ethereum (Go) Aug 6, 2022
FlyteAdmin Insufficient AccessToken Expiration Check Moderate
CVE-2022-31145 was published for github.com/flyteorg/flyteadmin (Go) Jul 15, 2022
mayitbeegh
Mattermost users could access some sensitive information via API call Moderate
CVE-2022-2401 was published for github.com/mattermost/mattermost-server/v6 (Go) Jul 15, 2022
DoS in KubeEdge's Websocket Client in package Viaduct Moderate
CVE-2022-31080 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
KubeEdge Cloud Stream and Edge Stream DoS from large stream message Moderate
CVE-2022-31079 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
AdamKorcz DavidKorczynski
KubeEdge CloudCore Router memory exhaustion vulnerability Moderate
CVE-2022-31078 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
KubeEdge DoS when signing the CSR from EdgeCore Moderate
CVE-2022-31075 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
KubeEdge Cloud AdmissionController component DoS Moderate
CVE-2022-31074 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
KubeEdge Edge ServiceBus module DoS Moderate
CVE-2022-31073 was published for github.com/kubeedge/kubeedge (Go) Jul 11, 2022
DavidKorczynski AdamKorcz
Insecure cookies in Openshift Origin Moderate
CVE-2015-3207 was published for github.com/openshift/origin (Go) Jul 8, 2022
DOS and excessive memory usage when passing untrusted user input to to dag import Moderate
GHSA-f2gr-7299-487h was published for github.com/ipfs/go-ipfs (Go) Jul 6, 2022
Jorropo avivdolev
Malformed CAR panics and excessive memory usage Moderate
GHSA-9x4h-8wgm-8xfg was published for github.com/ipld/go-car (Go) Jul 6, 2022
Jorropo rvagg
willscott masih BigLep
CloudCore UDS Server: Malicious Message can crash CloudCore Moderate
CVE-2022-31076 was published for github.com/kubeedge/kubeedge (Go) Jun 25, 2022
DavidKorczynski AdamKorcz
CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server Moderate
CVE-2022-31077 was published for github.com/kubeedge/kubeedge (Go) Jun 25, 2022
DavidKorczynski AdamKorcz
golang.org/x/sys/unix has Incorrect privilege reporting in syscall Moderate
CVE-2022-29526 was published for golang.org/x/sys (Go) Jun 24, 2022
DoS through large manifest files in Argo CD Moderate
CVE-2022-31016 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server Moderate
CVE-2022-31036 was published for github.com/argoproj/argo-cd (Go) Jun 21, 2022
AdamKorcz DavidKorczynski
Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users Moderate
CVE-2022-31066 was published for github.com/edgexfoundry/app-functions-sdk-go/v2 (Go) Jun 17, 2022
bnevis-i
Ill-formed headers may lead to unexpected behavior in Istio Moderate
CVE-2022-31045 was published for istio.io/istio (Go) Jun 10, 2022
oschaaf
Cross-site Scripting vulnerability in repository issue list in Gogs Moderate
CVE-2022-31038 was published for gogs.io/gogs (Go) Jun 8, 2022
wuhan005
Calico vulnerable to pod route hijacking Moderate
CVE-2022-28224 was published for github.com/projectcalico/calico (Go) Jun 7, 2022
joshbressers
containerd CRI plugin: Host memory exhaustion through ExecSync Moderate
CVE-2022-31030 was published for github.com/containerd/containerd (Go) Jun 6, 2022
DavidKorczynski AdamKorcz
Missing Role Based Access Control for the REST handlers in bleve/http package Moderate
CVE-2022-31022 was published for github.com/blevesearch/bleve (Go) Jun 3, 2022
Proximyst
Uncontrolled Resource Consumption in Mattermost server Moderate
CVE-2022-1982 was published for github.com/mattermost/mattermost-server (Go) Jun 3, 2022
Open redirect in caddy Moderate
CVE-2022-29718 was published for github.com/caddyserver/caddy (Go) Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database