GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
60 advisories
Filter by severity
github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2020-7669
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
Path Traversal in Buildah
High
CVE-2020-10696
was published
for
github.com/containers/buildah
(Go)
May 18, 2021
Path Traversal in github.com/unknwon/cae/zip
High
CVE-2020-7664
was published
for
github.com/unknwon/cae
(Go)
May 18, 2021
github.com/unknwon/cae Path Traversal vulnerability
High
CVE-2020-7668
was published
for
github.com/unknwon/cae
(Go)
May 18, 2021
Path traversal in u-root
High
CVE-2020-7665
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
Path traversal and files overwrite with unsquashfs in singularity
High
CVE-2020-15229
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2021
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
High
CVE-2021-30465
was published
for
github.com/opencontainers/runc
(Go)
May 25, 2021
github.com/sassoftware/go-rpmutils Arbitrary File Write via Archive Extraction (Zip Slip)
High
CVE-2020-7667
was published
for
github.com/sassoftware/go-rpmutils
(Go)
Jun 23, 2021
Path traversal in github.com/ipfs/go-ipfs
High
CVE-2020-26279
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Path traversal in ServiceCenter
High
CVE-2021-21501
was published
for
github.com/apache/servicecomb-service-center
(Go)
Sep 1, 2021
Arbitrary filepath traversal via URI injection
High
CVE-2021-3907
was published
for
github.com/cloudflare/cfrpki
(Go)
Nov 10, 2021
Path traversal and dereference of symlinks in Argo CD
High
CVE-2022-24348
was published
for
github.com/argoproj/argo-cd
(Go)
Feb 7, 2022
Zip slip directory exploit in github.com/deislabs/oras
High
CVE-2021-21272
was published
for
github.com/deislabs/oras
(Go)
Feb 15, 2022
containernetworking/cni improper limitation of path name
High
CVE-2021-20206
was published
for
github.com/containernetworking/cni
(Go)
Feb 15, 2022
Arbitrary file reads in HashiCorp Nomad
High
CVE-2022-24683
was published
for
github.com/hashicorp/nomad
(Go)
Feb 18, 2022
Path traversal in claircore
High
CVE-2021-3762
was published
for
github.com/quay/claircore
(Go)
Mar 4, 2022
Arbitrary file write in nats-server
High
CVE-2022-26652
was published
for
github.com/nats-io/nats-server/v2
(Go)
Mar 10, 2022
Path traversal in github.com/valyala/fasthttp
High
CVE-2022-21221
was published
for
github.com/valyala/fasthttp
(Go)
Mar 18, 2022
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High
CVE-2022-24730
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Podman Path Traversal Vulnerability leads to arbitrary file read/write
High
CVE-2019-10152
was published
for
github.com/containers/podman
(Go)
May 24, 2022
Path traversal in ginadmin
High
CVE-2022-30427
was published
for
github.com/gphper/ginadmin
(Go)
May 26, 2022
Arbitrary file read in ginadmin
High
CVE-2022-30428
was published
for
github.com/gphper/ginadmin
(Go)
May 26, 2022
Path Traversal in Git HTTP endpoints in Gogs
High
CVE-2022-1993
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Insecure path traversal in Git Trigger Source can lead to arbitrary file read
High
CVE-2022-25856
was published
for
github.com/argoproj/argo-events
(Go)
Jun 17, 2022
ProTip!
Advisories are also available from the
GraphQL API