Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,298
Erlang
31
GitHub Actions
21
Go
2,063
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
876
Swift
36
Unreviewed advisories
All unreviewed
5,000+

936 advisories

Loading
SFTPGo has insufficient access control for password reset Moderate
CVE-2024-37897 was published for github.com/drakkan/sftpgo/v2 (Go) Jun 20, 2024
t7tran
PocketBase performs password auth and OAuth2 unverified email linking Moderate
CVE-2024-38351 was published for github.com/pocketbase/pocketbase (Go) Jun 18, 2024
dalurness
Minder affected by denial of service from maliciously configured Git repository Moderate
CVE-2024-37904 was published for github.com/stacklok/minder (Go) Jun 18, 2024
AdamKorcz DavidKorczynski
gqlparser denial of service vulnerability via the parserDirectives function Moderate
CVE-2023-49559 was published for github.com/vektah/gqlparser (Go) Jun 12, 2024
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses Moderate
GHSA-7jmw-8259-q9jx was published for github.com/traefik/traefik (Go) Jun 11, 2024
Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability Moderate
CVE-2024-35255 was published for @azure/identity (Go) Jun 11, 2024
scottaddie localden
Moby (Docker Engine) is vulnerable to Ambiguous OCI manifest parsing Moderate
GHSA-xmmx-7jpf-fx42 was published for github.com/docker/docker (Go) Jun 10, 2024
Docker CLI leaks private registry credentials to registry-1.docker.io Moderate
CVE-2021-41092 was published for github.com/docker/cli (Go) Jun 10, 2024
Unauthenticated Access to sensitive settings in Argo CD Moderate
CVE-2024-37152 was published for github.com/argoproj/argo-cd/v2/server (Go) Jun 6, 2024
moshikoHassan
Evmos allows unvested token delegations Moderate
CVE-2024-37154 was published for github.com/evmos/evmos/v10 (Go) Jun 6, 2024
Argo-cd authenticated users can enumerate clusters by name Moderate
CVE-2024-36106 was published for github.com/argoproj/argo-cd (Go) Jun 6, 2024
crenshaw-dev pasha-codefresh
Open Redirect URL in Harbor Moderate
CVE-2024-22244 was published for github.com/goharbor/harbor (Go) Jun 2, 2024
Ollama does not validate the format of the digest (sha256 with 64 hex digits) Moderate
CVE-2024-37032 was published for github.com/ollama/ollama (Go) May 31, 2024
lukas-braune
MinIO information disclosure vulnerability Moderate
CVE-2024-36107 was published for github.com/minio/minio (Go) May 29, 2024
stefansundin shtripat
Denial of service of Minder Server from maliciously crafted GitHub attestations Moderate
CVE-2024-35238 was published for github.com/stacklok/minder (Go) May 28, 2024
AdamKorcz DavidKorczynski
Traefik vulnerable to GO issue allowing malformed DNS message to cause infinite loop Moderate
GHSA-f7cq-5v43-8pwp was published for github.com/traefik/traefik (Go) May 23, 2024
Dapr API Token Exposure Moderate
CVE-2024-35223 was published for github.com/dapr/dapr (Go) May 22, 2024
elena-kolevska yaron2
artursouza
github.com/cosmos/ibc-go affected by IBC protocol "Huckleberry" vulnerability Moderate
GHSA-qjcv-rx3v-7mvj was published for github.com/cosmos/ibc-go (Go) May 20, 2024
Stacklok Minder vulnerable to denial of service from maliciously crafted templates Moderate
CVE-2024-35194 was published for github.com/stacklok/minder (Go) May 20, 2024
AdamKorcz DavidKorczynski
Trivy possibly leaks registry credential when scanning images from malicious registries Moderate
CVE-2024-35192 was published for github.com/aquasecurity/trivy (Go) May 20, 2024
lyoung-confluent
Submariner Operator sets unnecessary RBAC permissions in helm charts Moderate
CVE-2024-5042 was published for github.com/submariner-io/submariner-operator (Go) May 17, 2024
Denial of service of Minder Server with attacker-controlled REST endpoint Moderate
CVE-2024-35185 was published for github.com/stacklok/minder (Go) May 16, 2024
AdamKorcz DavidKorczynski
wolfictl leaks GitHub tokens to remote non-GitHub git servers Moderate
CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go) May 15, 2024
luhring
goreleaser shows environment by default Moderate
GHSA-f6mm-5fc7-3g3c was published for github.com/goreleaser/goreleaser (Go) May 15, 2024
xrstf xmudrii
caarlos0
source-controller leaks Azure Storage SAS token into logs Moderate
CVE-2024-31216 was published for github.com/fluxcd/source-controller (Go) May 15, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database