Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,933
Erlang
39
GitHub Actions
38
Go
2,597
Maven
5,000+
npm
4,248
NuGet
754
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,597 advisories

Loading
Control character injection in console output in github.com/ipfs/go-ipfs Moderate
CVE-2020-26283 was published for github.com/ipfs/go-ipfs (Go) Jun 23, 2021
tintinweb
Credited to tintinweb
Websocket requests did not call AuthenticateMethod Moderate
GHSA-5gjg-jgh4-gppm was published for github.com/ecnepsnai/web (Go) Jun 23, 2021
Duplicate Advisory: gosaml2 is vulnerable to NULL Pointer Dereference from malformed XML signatures High
GHSA-gq5r-cc4w-g8xf was published for github.com/russellhaering/gosaml2 (Go) Jun 23, 2021 withdrawn
tdunlap607
Credited to tdunlap607
Authentication Bypass in tyk-identity-broker Critical
CVE-2021-23365 was published for github.com/tyktechnologies/tyk-identity-broker (Go) Jun 23, 2021
Improper input validation in CNCF Cortex Moderate
CVE-2021-31232 was published for github.com/cortexproject/cortex (Go) Jun 23, 2021
Privilege Escalation in fscrypt Moderate
CVE-2018-6558 was published for github.com/google/fscrypt (Go) Jun 23, 2021
Elliptic Curve Key Disclosure in go-jose Critical
CVE-2016-9121 was published for github.com/square/go-jose (Go) Jun 23, 2021
Integer Overflow in go-jose High
CVE-2016-9123 was published for github.com/square/go-jose (Go) Jun 23, 2021
github.com/sassoftware/go-rpmutils Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2020-7667 was published for github.com/sassoftware/go-rpmutils (Go) Jun 23, 2021
Cache Manipulation Attack in Apache Traffic Control Moderate
CVE-2020-17522 was published for github.com/apache/trafficcontrol (Go) Jun 18, 2021
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON Moderate
CVE-2021-20329 was published for go.mongodb.org/mongo-driver (Go) Jun 15, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone High
CVE-2020-28924 was published for github.com/rclone/rclone (Go) Jun 10, 2021
Improper Input Validation Moderate
CVE-2021-3499 was published for github.com/ovn-org/ovn-kubernetes (Go) Jun 8, 2021
Access control flaw in Kiali High
CVE-2021-3495 was published for github.com/kiali/kiali (Go) Jun 8, 2021
Invalid session token expiration High
CVE-2021-32923 was published for github.com/hashicorp/vault (Go) Jun 8, 2021
Kiali Authentication Bypass vulnerability Moderate
CVE-2021-20278 was published for github.com/kiali/kiali (Go) Jun 1, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
CVE-2021-32635 was published for github.com/sylabs/singularity (Go) Jun 1, 2021
EmmEff
Credited to EmmEff
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
GHSA-jq42-hfch-42f3 was published for github.com/hpcng/singularity (Go) Jun 1, 2021
Permissions bypass in KubeVirt Moderate
CVE-2020-1701 was published for kubevirt.io/kubevirt (Go) Jun 1, 2021
Access Restriction Bypass in kube-apiserver Moderate
CVE-2021-25735 was published for k8s.io/kubernetes (Go) May 28, 2021
jhutchings1
Credited to jhutchings1
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements Moderate
CVE-2020-11091 was published for github.com/weaveworks/weave (Go) May 27, 2021
Lookup function information discolosure in helm High
CVE-2020-11013 was published for helm.sh/helm/v3 (Go) May 27, 2021
Denial of service in Tendermint Low
CVE-2020-5303 was published for github.com/tendermint/tendermint (Go) May 27, 2021
Authentication Bypass in hydra Moderate
CVE-2020-5300 was published for github.com/ory/hydra (Go) May 27, 2021
cedricvanrompay
Credited to cedricvanrompay
opencontainers runc contains procfs race condition with a shared volume mount Moderate
CVE-2019-19921 was published for github.com/opencontainers/runc (Go) May 27, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database