Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,950
Erlang
39
GitHub Actions
38
Go
2,603
Maven
5,000+
npm
4,250
NuGet
755
pip
4,013
Pub
12
RubyGems
953
Rust
1,048
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,603 advisories

Loading
Istio Fragments in Path May Lead to Authorization Policy Bypass High
CVE-2021-39156 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu
Credited to yangminzhu
Authorization Policy Bypass Due to Case Insensitive Host Comparison High
CVE-2021-39155 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu avivdolev
tdunlap607
Credited to yangminzhu, avivdolev, and tdunlap607
Ethereum Contains Consensus Flaw During Block Processing Moderate
CVE-2021-39137 was published for github.com/ethereum/go-ethereum (Go) Aug 30, 2021
guidovranken
Credited to guidovranken
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client` Low
GHSA-prqf-xr2j-xf65 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
Argo Server TLS requests could be forged by attacker with network access Moderate
GHSA-6c73-2v8x-qpvm was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
Workflow re-write vulnerability using input parameter Moderate
CVE-2021-37914 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 9, 2021
Header dropping in traefik Moderate
CVE-2021-32813 was published for github.com/traefik/traefik (Go) Aug 5, 2021
Attack on Kubernetes via Misconfigured Argo Workflows Moderate
GHSA-rc7p-gmvh-xfx2 was published for github.com/argoproj/argo-workflows (Go) Aug 2, 2021
Beego has a file creation race condition Moderate
CVE-2019-16354 was published for github.com/astaxie/beego (Go) Aug 2, 2021
Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault High
CVE-2020-16250 was published for github.com/hashicorp/vault (Go) Aug 2, 2021
Incorrect Authorization in HashiCorp Consul Moderate
CVE-2020-7955 was published for github.com/hashicorp/consul (Go) Jul 28, 2021
Improper Resource Shutdown or Release in HashiCorp Vault High
CVE-2020-7220 was published for github.com/hashicorp/vault (Go) Jul 28, 2021
github.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion High
CVE-2021-23409 was published for github.com/pires/go-proxyproto (Go) Jul 26, 2021
tdunlap607
Credited to tdunlap607
Improper Restriction of Excessive Authentication Attempts in Argo API High
CVE-2020-8827 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
Argo CD Insecure default administrative password High
CVE-2020-8828 was published for github.com/argoproj/argo-cd (Go) Jul 26, 2021
Archive package allows chmod of file outside of unpack target directory Moderate
CVE-2021-32760 was published for github.com/containerd/containerd (Go) Jul 26, 2021
tdunlap607
Credited to tdunlap607
HashiCorp Consul L7 deny intention results in an allow action High
CVE-2021-36213 was published for github.com/hashicorp/consul (Go) Jul 19, 2021
Hashicorp Consul Missing SSL Certificate Validation High
CVE-2021-32574 was published for github.com/hashicorp/consul (Go) Jul 19, 2021
Buildah processes using chroot isolation may leak environment values to intermediate processes Moderate
CVE-2021-3602 was published for github.com/containers/buildah (Go) Jul 19, 2021
bburky
Credited to bburky
Open Redirect in github.com/AndrewBurian/powermux Moderate
CVE-2021-32721 was published for github.com/AndrewBurian/powermux (Go) Jul 1, 2021
Denial of Service in miekg-dns High
CVE-2017-15133 was published for github.com/miekg/dns (Go) Jun 29, 2021
Improper Authenication in Pion DTLS Critical
CVE-2019-20786 was published for github.com/pion/dtls (Go) Jun 29, 2021
Incorrect Default Permissions in Binance tss-lib High
CVE-2020-12118 was published for github.com/binance-chain/tss-lib (Go) Jun 29, 2021
Path Traversal in Dutchcoders transfer.sh Critical
CVE-2021-33497 was published for github.com/dutchcoders/transfer.sh (Go) Jun 29, 2021
Cross-site scripting in Dutchcoders transfer.sh Moderate
CVE-2021-33496 was published for github.com/dutchcoders/transfer.sh (Go) Jun 29, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database