GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
119 advisories
Filter by severity
Path Traversal in MHolt Archiver
Moderate
CVE-2019-10743
was published
for
github.com/mholt/archiver
(Go)
May 18, 2021
github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2020-7669
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
Path Traversal in Buildah
High
CVE-2020-10696
was published
for
github.com/containers/buildah
(Go)
May 18, 2021
Path Traversal in github.com/unknwon/cae/zip
High
CVE-2020-7664
was published
for
github.com/unknwon/cae
(Go)
May 18, 2021
github.com/unknwon/cae Path Traversal vulnerability
High
CVE-2020-7668
was published
for
github.com/unknwon/cae
(Go)
May 18, 2021
Path traversal in u-root
High
CVE-2020-7665
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
Path Traversal in Docker
Moderate
CVE-2014-9356
was published
for
github.com/docker/docker
(Go)
May 18, 2021
Path traversal and files overwrite with unsquashfs in singularity
High
CVE-2020-15229
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2021
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
High
CVE-2021-30465
was published
for
github.com/opencontainers/runc
(Go)
May 25, 2021
github.com/sassoftware/go-rpmutils Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2020-7667
was published
for
github.com/sassoftware/go-rpmutils
(Go)
Jun 23, 2021
Path traversal in github.com/ipfs/go-ipfs
High
CVE-2020-26279
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Plugin archive directory traversal in Helm
Low
CVE-2020-4053
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
Path Traversal in Dutchcoders transfer.sh
Critical
CVE-2021-33497
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Jun 29, 2021
Tarslip in go-unarr
Critical
CVE-2021-38197
was published
for
github.com/gen2brain/go-unarr
(Go)
Sep 1, 2021
Path traversal in ServiceCenter
High
CVE-2021-21501
was published
for
github.com/apache/servicecomb-service-center
(Go)
Sep 1, 2021
Path traversal in Grafana Cortex
Moderate
CVE-2021-36157
was published
for
github.com/cortexproject/cortex
(Go)
Sep 2, 2021
Path traversal in Grafana Loki
Moderate
CVE-2021-36156
was published
for
github.com/grafana/loki
(Go)
Sep 2, 2021
Improperly Implemented path matching for in-toto-golang
Moderate
CVE-2021-41087
was published
for
github.com/in-toto/in-toto-golang
(Go)
Sep 22, 2021
Insufficiently restricted permissions on plugin directories
Moderate
CVE-2021-41103
was published
for
github.com/containerd/containerd
(Go)
Oct 4, 2021
Arbitrary filepath traversal via URI injection
High
CVE-2021-3907
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Path traversal and dereference of symlinks in Argo CD
High
CVE-2022-24348
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 7, 2022
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki
Low
GHSA-8459-6rc9-8vf8
was published
for
github.com/cloudflare/cfrpki
(Go)
Feb 14, 2022
Zip slip directory exploit in github.com/deislabs/oras
High
CVE-2021-21272
was published
for
github.com/deislabs/oras
(Go)
Feb 15, 2022
Directory traversal in Kubernetes Secrets Store CSI Driver
Moderate
CVE-2020-8568
was published
for
sigs.k8s.io/secrets-store-csi-driver
(Go)
Feb 15, 2022
Path Traversal in HashiCorp Nomad
Moderate
CVE-2020-28348
was published
for
github.com/hashicorp/nomad
(Go)
Feb 15, 2022
ProTip!
Advisories are also available from the
GraphQL API