GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
110 advisories
Filter by severity
Duplicate Advisory: k8s.io/kube-state-metrics Exposure of Sensitive Information
Moderate
CVE-2019-17110
was published
for
github.com/kubernetes/kube-state-metrics
(Go)
May 18, 2021
•
withdrawn
Insecure Permissions in Gogs
Critical
CVE-2019-14544
was published
for
gogs.io/gogs
(Go)
May 18, 2021
Information Disclosure in HashiCorp Vault
High
CVE-2020-13223
was published
for
github.com/hashicorp/vault
(Go)
May 18, 2021
Information Exposure in jaeger
Moderate
CVE-2020-10750
was published
for
github.com/jaegertracing/jaeger
(Go)
May 18, 2021
Podman Origin Validation Error
Moderate
CVE-2021-20199
was published
for
github.com/containers/podman/v3
(Go)
May 18, 2021
JWT leak via Open Redirect in Programmatic access
Moderate
CVE-2021-29651
was published
for
github.com/pomerium/pomerium
(Go)
May 21, 2021
Lookup function information discolosure in helm
High
CVE-2020-11013
was published
for
helm.sh/helm/v3
(Go)
May 27, 2021
Helm passes repository credentials to alternate domain
Moderate
CVE-2021-32690
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
Duplicate Advisory: Helm passes repository credentials to alternate domain
Moderate
GHSA-7jr6-prv4-5wf5
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
•
withdrawn
Buildah processes using chroot isolation may leak environment values to intermediate processes
Moderate
CVE-2021-3602
was published
for
github.com/containers/buildah
(Go)
Jul 19, 2021
Improper Certificate Handling
Moderate
CVE-2020-9321
was published
for
github.com/traefik/traefik
(Go)
Sep 2, 2021
Instance config inline secret exposure in Grafana
Moderate
CVE-2021-41090
was published
for
github.com/grafana/agent
(Go)
Dec 8, 2021
Information Exposure in RunC
Moderate
CVE-2016-9962
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Moderate
CVE-2021-4024
was published
for
github.com/containers/podman/v3
(Go)
Jan 6, 2022
Path traversal and dereference of symlinks in Argo CD
High
CVE-2022-24348
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 7, 2022
Exposure of server configuration in github.com/go-vela/server
High
CVE-2020-26294
was published
for
github.com/go-vela/compiler
(Go)
Feb 15, 2022
Gitea Exposes Private Email Addresses
Moderate
CVE-2018-1000803
was published
for
github.com/go-gitea/gitea
(Go)
Feb 15, 2022
Exposure of Sensitive Information to an Unauthorized Actor and Insertion of Sensitive Information Into Sent Data in Calico
Moderate
CVE-2020-13597
was published
for
github.com/projectcalico/calico
(Go)
Feb 15, 2022
containerd CRI plugin: Insecure handling of image volumes
High
CVE-2022-23648
was published
for
github.com/containerd/containerd
(Go)
Mar 2, 2022
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Information Exposure in Kubernetes
Moderate
CVE-2015-7528
was published
for
github.com/kubernetes/kubernetes
(Go)
Apr 12, 2022
Improper Privilege Management in Mattermost
Moderate
CVE-2022-1332
was published
for
github.com/mattermost/mattermost-server/v5
(Go)
Apr 14, 2022
Exposure of SSH credentials in Rancher/Fleet
Low
GHSA-wm2r-rp98-8pmh
was published
for
github.com/rancher/rancher
(Go)
Apr 27, 2022
Exposure of repository credentials to external third-party sources in Rancher
High
CVE-2021-36778
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
Singularity Incorrect Access Control
Moderate
CVE-2018-12021
was published
for
github.com/hpcng/singularity
(Go)
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API