GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

1,889 advisories

kube-httpcache is vulnerable to Cross-Site Request Forgery (CSRF) Moderate
GHSA-47xh-qxqv-mgvg was published for github.com/mittwald/kube-httpcache (Go) Dec 2, 2022
kbcasagrande
etcd vulnerable to TOCTOU of gateway endpoint authentication Low
GHSA-h8g9-6gvh-5mrc was published for go.etcd.io/etcd/v3 (Go) Oct 6, 2022
etcd having a negative value for cluster node size results in an index out-of-bound panic during service discovery Low
GHSA-9gp7-6833-wv89 was published for go.etcd.io/etcd/client/v3 (Go) Oct 6, 2022
personnummer/go vulnerable to Improper Input Validation Low
GHSA-hv53-vf5m-8q94 was published for github.com/personnummer/go (Go) Feb 11, 2022
Cilium host policy bypass in endpoint-routes mode with dual-stack Low
GHSA-wc5v-r48v-g4vh was published for github.com/cilium/cilium (Go) Jul 15, 2022
pchaigno
DOS and excessive memory usage when passing untrusted user input to dag import Moderate
GHSA-f2gr-7299-487h was published for github.com/ipfs/go-ipfs (Go) Jul 6, 2022
Jorropo avivdolev
Ignition config accessible to unprivileged software on VMware Moderate
CVE-2022-1706 was published for github.com/coreos/ignition (Go) May 25, 2022
jonaz bgilbert
Path traversal in u-root High
CVE-2020-7665 was published for github.com/u-root/u-root (Go) May 18, 2021
rjoleary
nftables binding to an already bound chain Moderate
GHSA-jr8j-2jhp-m67v was published for github.com/siderolabs/talos (Go) Sep 16, 2022
Talos vulnerable dependency due to race condition in Linux kernel's IP framework XFRM High
GHSA-34vw-m4rh-r36p was published for github.com/talos-systems/talos (Go) Sep 16, 2022
Arbitrary File Write via Archive Extraction in mholt/archiver Moderate
CVE-2018-1002207 was published for github.com/mholt/archiver (Go) Feb 15, 2022
avivdolev
GitHub CLI can execute a git binary from the current directory Moderate
GHSA-fqfh-778m-2v32 was published for github.com/cli/cli (Go) Feb 11, 2022
dawidgolunski avivdolev
Cross site scripting via cookies in gogs Low
GHSA-pj96-4jhv-v792 was published for gogs.io/gogs (Go) Jun 2, 2022
OS Command Injection in gogs Critical
CVE-2022-1884 was published for gogs.io/gogs (Go) Jun 2, 2022
1135
Daemon panics when processing certain blocks High
GHSA-mcq2-w56r-5w2w was published for github.com/ipld/go-ipfs (Go) Apr 8, 2022
Opened exploitable ports in default docker-compose.yaml in go-ipfs Moderate
GHSA-fx5p-f64h-93xc was published for github.com/ipfs/go-ipfs (Go) Apr 4, 2022
Winterhuman
Sysctls applied to containers with host IPC or host network namespaces can affect the host Moderate
GHSA-w2j5-3rcx-vx7x was published for github.com/cri-o/cri-o (Go) Mar 15, 2022
haircommander
SSRF in repository migration Moderate
GHSA-q347-cg56-pcq4 was published for gogs.io/gogs (Go) Mar 14, 2022
michaellrowley
Improper random number generation in github.com/coredns/coredns Moderate
GHSA-gv9j-4w24-q7vx was published for github.com/coredns/coredns (Go) Mar 1, 2022
Possible privilege escalation via bash completion script Moderate
GHSA-w4f8-fxq2-j35v was published for github.com/google/fscrypt (Go) Mar 1, 2022
mgerstner
Denial of service via insufficient metadata validation Moderate
GHSA-p93v-m2r2-4387 was published for github.com/google/fscrypt (Go) Mar 1, 2022
mgerstner
Possible filesystem space exhaustion by local users Moderate
GHSA-chxf-fjcf-7fwp was published for github.com/google/fscrypt (Go) Mar 1, 2022
mgerstner
Multiple security issues in Pomerium's embedded envoy Moderate
GHSA-j34v-3552-5r7j was published for github.com/pomerium/pomerium (Go) Mar 1, 2022
User object created with invalid provider data in GoTrue Moderate
GHSA-wpfr-6297-9v57 was published for github.com/netlify/gotrue (Go) Feb 9, 2022
Unbounded memory usage on exposed HTTP/2 (non-gRPC) endpoints High
GHSA-m7vp-hqwv-7m5x was published for github.com/spiffe/spire (Go) Jan 12, 2022