GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,134 advisories

containernetworking/plugins vulnerable to MitM attacks Moderate
CVE-2020-10749 was published for github.com/containernetworking/plugins (Go) May 24, 2022
Grafana XSS via a column style Moderate
CVE-2018-18624 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana XSS via the OpenTSDB datasource Moderate
CVE-2020-13430 was published for github.com/grafana/grafana (Go) May 24, 2022
Grafana XSS in header column rename Moderate
CVE-2020-12245 was published for github.com/grafana/grafana (Go) May 24, 2022
Argo Exposure of Sensitive Information Moderate
CVE-2018-21034 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Podman has Files or Directories Accessible to External Parties Moderate
CVE-2020-1726 was published for github.com/containers/podman (Go) May 24, 2022
Kubernetes ingress exposes sensitive information Moderate
CVE-2018-1002104 was published for k8s.io/ingress-nginx (Go) May 24, 2022
Kubernetes CSI Sidecar Containers Can Allow Unauthorized Data Access Moderate
CVE-2019-11255 was published for github.com/kubernetes-csi/external-provisioner (Go) May 24, 2022
kube-state-metrics may expose secret content in metrics Moderate
CVE-2019-10223 was published for k8s.io/kube-state-metrics (Go) May 24, 2022
Podman Symlink Vulnerability Moderate
CVE-2019-18466 was published for github.com/containers/podman/v4 (Go) May 24, 2022
Gophish XSS Vulnerability Moderate
CVE-2019-16146 was published for github.com/gophish/gophish (Go) May 24, 2022
Kubernetes client-go library logs may disclose credentials to unauthorized users Moderate
CVE-2019-11250 was published for k8s.io/client-go (Go) May 24, 2022
cnlh nps vulnerable to file overwrite by local user Moderate
CVE-2019-15119 was published for ehang.io/nps (Go) May 24, 2022
Gitea XSS Vulnerability Moderate
CVE-2019-1010261 was published for code.gitea.io/gitea (Go) May 24, 2022
Gitea XSS Vulnerability in Repository Description Moderate
CVE-2019-1010314 was published for code.gitea.io/gitea (Go) May 24, 2022
Grafana Cross-site Scripting vulnerability Moderate
CVE-2019-13068 was published for github.com/grafana/grafana (Go) May 24, 2022
Rancher Login Parameter Can Be Edited Moderate
CVE-2019-11881 was published for github.com/rancher/rancher (Go) May 24, 2022
Golang/x/crypto message forgery vulnerability Moderate
CVE-2019-11841 was published for golang.org/x/crypto (Go) May 24, 2022
golang.org/x/crypto/salsa20/salsa uses insufficiently random values Moderate
CVE-2019-11840 was published for golang.org/x/crypto (Go) May 24, 2022
Login screen allows message spoofing if SSO is enabled Moderate
CVE-2022-24905 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Symlink following allows leaking out-of-bound manifests and JSON files from Argo CD repo-server Moderate
CVE-2022-24904 was published for github.com/argoproj/argo-cd/v2 (Go) May 23, 2022
Duplicate advisory: Configuration exposure in github.com/coreos/ignition Moderate
GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go) May 18, 2022 withdrawn
HashiCorp Vault improper configuration of multi factor authentication Moderate
CVE-2022-30689 was published for github.com/hashicorp/vault (Go) May 18, 2022
tar-split memory exhaustion Moderate
CVE-2017-14992 was published for github.com/vbatts/tar-split (Go) May 17, 2022
Gogs XSS Vulnerability Moderate
CVE-2018-17031 was published for gogs.io/gogs (Go) May 14, 2022