GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,517 advisories

HashiCorp Consul Access Restriction Bypass High
CVE-2019-8336 was published for github.com/hashicorp/consul (Go) May 13, 2022
Gitea Arbitrary File Delete Vulnerability Moderate
CVE-2019-1000002 was published for code.gitea.io/gitea (Go) May 13, 2022
Kubernetes DoS Vulnerability Moderate
CVE-2019-1002100 was published for k8s.io/kubernetes (Go) May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer High
CVE-2018-17847 was published for golang.org/x/net (Go) May 13, 2022
golang.org/x/net/html NULL Pointer Dereference vulnerability High
CVE-2018-17142 was published for golang.org/x/net (Go) May 13, 2022
golang.org/x/net/html has Improper Restriction of Operations within the Bounds of a Memory Buffer High
CVE-2018-17143 was published for golang.org/x/net (Go) May 13, 2022
golang.org/x/net/html NULL Pointer Dereference vulnerability High
CVE-2018-17075 was published for golang.org/x/net (Go) May 13, 2022
Docker Registry has Allocation of Resources Without Limits or Throttling High
CVE-2017-11468 was published for github.com/docker/distribution (Go) May 13, 2022
Withdrawn Advisory: OpenShift OAuth Server XSS Vulnerability Moderate
CVE-2019-3876 was published for github.com/openshift/oauth-apiserver (Go) May 13, 2022 withdrawn
Kubernetes in OpenShift3 Access Control Misconfiguration Low
CVE-2015-7561 was published for k8s.io/kubernetes (Go) May 13, 2022
Apache Traffic Control vulnerable to Slowloris-style Denial of Service attack High
CVE-2017-7670 was published for github.com/apache/trafficcontrol (Go) May 13, 2022
Traefik Missing Authentication High
CVE-2018-15598 was published for github.com/traefik/traefik (Go) May 13, 2022
protobuf susceptible to buffer overflow High
CVE-2015-5237 was published for Google.Protobuf (Composer) May 13, 2022
Rancher Access Control Vulnerability High
CVE-2017-7297 was published for github.com/rancher/rancher (Go) May 13, 2022
Rancher Project Members Have Continued Access to Namespaces After Being Removed From Them High
CVE-2019-6287 was published for github.com/rancher/rancher (Go) May 13, 2022
Improper Input Validation in k8s.io/ingress-nginx High
CVE-2021-25745 was published for k8s.io/ingress-nginx (Go) May 7, 2022
Improper path handling in kustomization files allows path traversal Critical
CVE-2022-24877 was published for github.com/fluxcd/flux2 (Go) May 4, 2022
hiddeco kurt-r2c
Arbitrary file deletion in gitea High
CVE-2022-27313 was published for code.gitea.io/gitea (Go) May 4, 2022
ProxyScotch is vulnerable to a server-side Request Forgery (SSRF) High
CVE-2022-25850 was published for github.com/hoppscotch/proxyscotch (Go) May 3, 2022
Privilege escalation for users with create/update permissions in Global Roles in Rancher Moderate
CVE-2021-36784 was published for github.com/rancher/rancher (Go) May 2, 2022
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
dasMulli
Write access to the catalog for any user when restricted-admin role is enabled in Rancher High
CVE-2021-4200 was published for github.com/rancher/rancher (Go) May 2, 2022
Podman publishes a malicious image to public registries High
CVE-2022-1227 was published for github.com/containers/podman/v3 (Go) Apr 30, 2022
andrewpollock
Woodpecker allows cross-site scripting (XSS) via build logs Moderate
CVE-2022-29947 was published for github.com/woodpecker-ci/woodpecker (Go) Apr 30, 2022
Insertion of Sensitive Information into Log File in Hashicorp go-getter Moderate
CVE-2022-29810 was published for github.com/hashicorp/go-getter (Go) Apr 28, 2022
jhutchings1