Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,511
Maven
5,000+
npm
4,149
NuGet
736
pip
3,949
Pub
12
RubyGems
946
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

2,511 advisories

Loading
Cilium leaks sensitive information in cilium-bugtool High
CVE-2024-37307 was published for github.com/cilium/cilium (Go) Jun 13, 2024
sayboras
Minder affected by denial of service from maliciously configured Git repository Moderate
CVE-2024-37904 was published for github.com/stacklok/minder (Go) Jun 18, 2024
AdamKorcz DavidKorczynski
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses Moderate
GHSA-7jmw-8259-q9jx was published for github.com/traefik/traefik (Go) Jun 11, 2024
go-grpc-compression has a zstd decompression bombing vulnerability High
GHSA-87m9-rv8p-rgmg was published for github.com/mostynb/go-grpc-compression (Go) Jun 10, 2024
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
Contract balance not updating correctly after interchain transaction High
CVE-2024-37153 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Vvaradinov EvmosDAO
Files or Directories Accessible to External Parties in ProjectDiscovery Critical
CVE-2024-5262 was published for github.com/projectdiscovery/interactsh (Go) Jun 5, 2024
Denial of Service via Zip/Decompression Bomb sent over HTTP or gRPC High
CVE-2024-36129 was published for go.opentelemetry.io/collector/config/configgrpc (Go) Jun 5, 2024
jpkrohling arminru
mx-psi stamparm
Open Redirect URL in Harbor Moderate
CVE-2024-22244 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
SQL Injection in Harbor scan log API Low
CVE-2024-22261 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
Vulnerabilities with the k8sGPT High
GHSA-85rg-8m6h-825p was published for github.com/k8sgpt-ai/k8sgpt (Go) Jun 13, 2024
atul86244
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) Moderate
CVE-2024-28180 was published for github.com/go-jose/go-jose/v3 (Go) Mar 7, 2024
zer0yu chenjj
hectorj2f vrv7567
Evmos vulnerable to unauthorized account creation with vesting module Moderate
GHSA-m99c-q26r-m7m7 was published for github.com/evmos/evmos/v13 (Go) Apr 17, 2024
Apache Traffic Control Traffic Ops Vulnerable to LDAP Injection Critical
CVE-2021-43350 was published for github.com/apache/trafficcontrol (Go) May 24, 2022
Denial of service in Kubernetes Moderate
CVE-2020-8557 was published for k8s.io/kubernetes/pkg/kubelet (Go) Apr 24, 2024
Kubelet Incorrect Privilege Assignment Moderate
CVE-2019-11245 was published for k8s.io/kubernetes/cmd/kubelet (Go) Apr 24, 2024
Rancher Recreates Default User With Known Password Despite Deletion Critical
CVE-2019-11202 was published for github.com/rancher/rancher (Go) May 24, 2022
moby docker daemon crash during image pull of malicious image Moderate
CVE-2021-21285 was published for github.com/moby/moby (Go) Jan 31, 2024
bgeesaman joshlarsen
IanColdwater mauilion raesene cpuguy83 neersighted
moby Access to remapped root allows privilege escalation to real root Moderate
CVE-2021-21284 was published for github.com/moby/moby (Go) Jan 31, 2024
ajxchapman awprice
nathanburrell raulgomis chris-walz mark-adams dbaxa cpuguy83 neersighted
Duplicate Advisory: Grafana vulnerable to authorization bypass Moderate
GHSA-mh7p-8m2f-qrm6 was published for github.com/grafana/grafana (Go) Mar 26, 2024 withdrawn
Argo-cd authenticated users can enumerate clusters by name Moderate
CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) Jun 6, 2024
crenshaw-dev pasha-codefresh
Withdrawn: Runc allows an arbitrary systemd property to be injected High
GHSA-c5pj-mqfh-rvc3 was published for github.com/opencontainers/runc (Go) Apr 26, 2024 withdrawn
AkihiroSuda
Constallation has pods exposed to peers in VPC High
GHSA-g8fc-vrcg-8vjg was published for github.com/edgelesssys/constellation/v2 (Go) Apr 15, 2024
brb
apko Exposure of HTTP basic auth credentials in log output High
CVE-2024-36127 was published for chainguard.dev/apko (Go) Jun 4, 2024
kolloch
ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module Moderate
GHSA-4j93-fm92-rp4m was published for github.com/cosmos/cosmos-sdk (Go) Feb 21, 2024
dongsam sushiwushi
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database