Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,069 advisories

Loading
Authentication Bypass in tyk-identity-broker Critical
CVE-2021-23365 was published for github.com/tyktechnologies/tyk-identity-broker (Go) Jun 23, 2021
Improper input validation in CNCF Cortex Moderate
CVE-2021-31232 was published for github.com/cortexproject/cortex (Go) Jun 23, 2021
Privilege Escalation in fscrypt Moderate
CVE-2018-6558 was published for github.com/google/fscrypt (Go) Jun 23, 2021
Elliptic Curve Key Disclosure in go-jose Critical
CVE-2016-9121 was published for github.com/square/go-jose (Go) Jun 23, 2021
Integer Overflow in go-jose High
CVE-2016-9123 was published for github.com/square/go-jose (Go) Jun 23, 2021
github.com/sassoftware/go-rpmutils Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2020-7667 was published for github.com/sassoftware/go-rpmutils (Go) Jun 23, 2021
Cache Manipulation Attack in Apache Traffic Control Moderate
CVE-2020-17522 was published for github.com/apache/trafficcontrol (Go) Jun 18, 2021
go.mongodb.org/mongo-driver improperly validates cstrings when marshalling Go objects into BSON Moderate
CVE-2021-20329 was published for go.mongodb.org/mongo-driver (Go) Jun 15, 2021
Use of Cryptographically Weak Pseudo-Random Number Generator in Rclone High
CVE-2020-28924 was published for github.com/rclone/rclone (Go) Jun 10, 2021
Improper Input Validation Moderate
CVE-2021-3499 was published for github.com/ovn-org/ovn-kubernetes (Go) Jun 8, 2021
Access control flaw in Kiali High
CVE-2021-3495 was published for github.com/kiali/kiali (Go) Jun 8, 2021
Invalid session token expiration High
CVE-2021-32923 was published for github.com/hashicorp/vault (Go) Jun 8, 2021
Kiali Authentication Bypass vulnerability Moderate
CVE-2021-20278 was published for github.com/kiali/kiali (Go) Jun 1, 2021
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
CVE-2021-32635 was published for github.com/sylabs/singularity (Go) Jun 1, 2021
EmmEff
Action Commands (run/shell/exec) Against Library URIs Ignore Configured Remote Endpoint Moderate
GHSA-jq42-hfch-42f3 was published for github.com/hpcng/singularity (Go) Jun 1, 2021
Permissions bypass in KubeVirt Moderate
CVE-2020-1701 was published for kubevirt.io/kubevirt (Go) Jun 1, 2021
Access Restriction Bypass in kube-apiserver Moderate
CVE-2021-25735 was published for k8s.io/kubernetes (Go) May 28, 2021
jhutchings1
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements Moderate
CVE-2020-11091 was published for github.com/weaveworks/weave (Go) May 27, 2021
Lookup function information discolosure in helm High
CVE-2020-11013 was published for helm.sh/helm/v3 (Go) May 27, 2021
Denial of service in Tendermint Low
CVE-2020-5303 was published for github.com/tendermint/tendermint (Go) May 27, 2021
Authentication Bypass in hydra Moderate
CVE-2020-5300 was published for github.com/ory/hydra (Go) May 27, 2021
cedricvanrompay
opencontainers runc contains procfs race condition with a shared volume mount Moderate
CVE-2019-19921 was published for github.com/opencontainers/runc (Go) May 27, 2021
Listing of upload directory contents possible High
GHSA-qmfx-75ff-8mw6 was published for github.com/ThomasLeister/prosody-filer (Go) May 27, 2021
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs High
CVE-2021-30465 was published for github.com/opencontainers/runc (Go) May 25, 2021
champtar
Arbitrary code execution due to an uncontrolled search path for the git binary Critical
CVE-2021-28955 was published for github.com/MichaelMure/git-bug (Go) May 25, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database