Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,134 advisories

Loading
containerd v1.2.x can be coerced into leaking credentials during image pull Moderate
CVE-2020-15157 was published for github.com/containerd/containerd (Go) Feb 11, 2022
bgeesaman joshlarsen
IanColdwater mauilion raesene
Symbolic links in an unpacking routine may enable attackers to read and/or write to arbitrary locations in dbdeployer Moderate
CVE-2020-26277 was published for github.com/datacharmer/dbdeployer (Go) Feb 12, 2022
smowton
SQL Injection in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19026 was published for github.com/goharbor/harbor (Go) May 18, 2021
Access Control Bypass Moderate
CVE-2018-20321 was published for github.com/rancher/rancher (Go) Jun 23, 2021
Improper Privilege Management and Execution with Unnecessary Privileges in Kata Containers Moderate
CVE-2020-2023 was published for github.com/kata-containers/agent (Go) Feb 15, 2022
Privilege Escalation in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19023 was published for github.com/goharbor/harbor (Go) May 18, 2021
Memos Cross-site Scripting vulnerability Moderate
CVE-2022-4609 was published for github.com/usememos/memos (Go) Dec 19, 2022
Privilege escalation for users with create/update permissions in Global Roles in Rancher Moderate
CVE-2021-36784 was published for github.com/rancher/rancher (Go) May 2, 2022
SFTPGo WebClient vulnerable to Cross-site Scripting Moderate
CVE-2022-39220 was published for github.com/drakkan/sftpgo (Go) Sep 20, 2022
Path Traversal in github.com/go-sonic/sonic Moderate
CVE-2022-46959 was published for github.com/go-sonic/sonic (Go) Jan 23, 2023
efs-utils and aws-efs-csi-driver have race condition during concurrent TLS mounts Moderate
CVE-2022-46174 was published for github.com/kubernetes-sigs/aws-efs-csi-driver (Go) Dec 30, 2022
Alist Cross-site Scripting vulnerability Moderate
CVE-2022-45970 was published for github.com/alist-org/alist/v3 (Go) Dec 12, 2022
Woodpecker allows cross-site scripting (XSS) via build logs Moderate
CVE-2022-29947 was published for github.com/woodpecker-ci/woodpecker (Go) Apr 30, 2022
Hashicorp Boundary vulnerable to clickjacking Moderate
CVE-2022-36182 was published for github.com/hashicorp/boundary (Go) Oct 27, 2022
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Moderate
CVE-2021-38698 was published for github.com/hashicorp/consul (Go) Sep 8, 2021
Kiali Authentication Bypass vulnerability Moderate
CVE-2021-20278 was published for github.com/kiali/kiali (Go) Jun 1, 2021
Stored Cross-site Scripting in gitea Moderate
CVE-2022-1928 was published for code.gitea.io/gitea (Go) May 30, 2022
HashiCorp Consul Ingress Gateway Panic Can Shutdown Servers Moderate
CVE-2022-24687 was published for github.com/hashicorp/consul (Go) Feb 25, 2022
AAD Pod Identity obtaining token with backslash Moderate
CVE-2022-23551 was published for github.com/Azure/aad-pod-identity (Go) Dec 21, 2022
Asymmetric Resource Consumption (Amplification) in Docker containers created by Wings Moderate
CVE-2021-32699 was published for github.com/pterodactyl/wings (Go) Jun 23, 2021
Unverified Ownership in Kubernetes Moderate
CVE-2020-8554 was published for k8s.io/kubernetes (Go) Feb 8, 2022
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server Moderate
CVE-2021-22565 was published for github.com/google/exposure-notifications-verification-server (Go) Nov 10, 2021
sethvargo
gotify/server vulnerable to Cross-site Scripting in the application image file upload Moderate
CVE-2022-46181 was published for github.com/gotify/server (Go) Dec 30, 2022
Denial of service in Mattermost Moderate
CVE-2022-4045 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
Denial of service in Mattermost Moderate
CVE-2022-4044 was published for github.com/mattermost/mattermost-server (Go) Nov 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database