Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

761 advisories

Loading
Link Following in Iris High
CVE-2021-23772 was published for github.com/kataras/iris (Go) Jan 6, 2022
kataras
Drainage of FeeCollector's Block Transaction Fees in cronos High
CVE-2021-43839 was published for github.com/crypto-org-chain/cronos (Go) Jan 6, 2022
zb3
Unprivileged pod using `hostPath` can side-step active LSM when it is SELinux High
CVE-2021-43816 was published for github.com/containerd/containerd (Go) Jan 6, 2022
golang.org/x/net/http2 allows uncontrolled memory consumption High
CVE-2021-44716 was published for golang.org/x/net/http2 (Go) Jan 2, 2022
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity High
CVE-2020-25039 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
xman
Incorrect Permission Assignment for Critical Resource in Singularity High
CVE-2019-11328 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
"Verify All" Returns Success Despite Validation Failures in Singularity High
CVE-2020-13846 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
truatpasteurdotfr
Execution Control List (ECL) Is Insecure in Singularity High
CVE-2020-13845 was published for github.com/sylabs/singularity (Go) Dec 20, 2021
tri-adam
Privilege Elevation in runc High
CVE-2016-3697 was published for github.com/opencontainers/runc (Go) Dec 20, 2021
Cross-site Request Forgery (CSRF) High
CVE-2017-1000069 was published for github.com/bitly/oauth2_proxy (Go) Dec 20, 2021
Open Redirect in OAuth2 Proxy High
CVE-2020-11053 was published for github.com/oauth2-proxy/oauth2-proxy (Go) Dec 20, 2021
rootxharsh iamnoooob
Mik317
Infinite loop in xz High
CVE-2020-16845 was published for github.com/ulikunitz/xz (Go) Dec 16, 2021
Unsafe inline XSS in pasting DOM element into chat High
CVE-2021-39183 was published for github.com/owncast/owncast (Go) Dec 14, 2021
intrigus-lgtm
Improper Authentication in HashiCorp Nomad High
CVE-2021-43415 was published for github.com/hashicorp/nomad (Go) Dec 10, 2021
HTTP Request Smuggling in github.com/hyperledger/fabric High
CVE-2021-43669 was published for github.com/hyperledger/fabric (Go) Dec 3, 2021
Authentication bypass issue in the Operator Console High
CVE-2021-41266 was published for github.com/minio/console (Go) Nov 15, 2021
Alevsk
Privilege escalation to cluster admin on multi-tenant environments High
CVE-2021-41254 was published for github.com/fluxcd/kustomize-controller (Go) Nov 15, 2021
AdamKorcz DavidKorczynski
NUL character in ROA causes OctoRPKI to crash High
CVE-2021-3910 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Arbitrary filepath traversal via URI injection High
CVE-2021-3907 was published for github.com/cloudflare/cfrpki (Go) Nov 10, 2021
Improper Neutralization of Special Elements used in an LDAP Query in stevenweathers/thunderdome-planning-poker High
CVE-2021-41232 was published for github.com/stevenweathers/thunderdome-planning-poker (Go) Nov 8, 2021
Files or Directories Accessible to External Parties in kubernetes High
CVE-2021-25741 was published for k8s.io/kubernetes (Go) Nov 1, 2021
github.com/tidwall/gjson Vulnerable to REDoS attack High
CVE-2021-42836 was published for github.com/tidwall/gjson (Go) Oct 25, 2021
Policies not properly enforced in bluemonday High
CVE-2021-42576 was published for github.com/microcosm-cc/bluemonday (Go) Oct 19, 2021
Incorrect Privilege Assignment in HashiCorp Vault High
CVE-2021-42135 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
S3 storage write is not aborted on errors leading to unbounded memory usage High
GHSA-m6m5-pp4g-fcc8 was published for github.com/foxcpp/maddy (Go) Oct 6, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database