GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
786 advisories
Podman's default inheritable capabilities for linux container not empty
High: CVE-2022-27649 was published for github.com/containers/podman/v4 (Go), Apr 1, 2022

Improper Input Validation in GoGo Protobuf
High: CVE-2021-3121 was published for github.com/gogo/protobuf (Go), Mar 28, 2022

Incorrect Authorization in imgcrypt
High: CVE-2022-24778 was published for github.com/containerd/imgcrypt (Go), Mar 28, 2022

Unrestricted Upload of File with Dangerous Type in Gogs
High: CVE-2022-0415 was published for gogs.io/gogs (Go), Mar 28, 2022

Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High: CVE-2022-24730 was published for github.com/argoproj/argo-cd (Go), Mar 24, 2022

golang.org/x/crypto/ssh Denial of service via crafted Signer
High: CVE-2022-27191 was published for golang.org/x/crypto (Go), Mar 19, 2022

Denial of service in go-ethereum
High: CVE-2021-42219 was published for github.com/ethereum/go-ethereum (Go), Mar 18, 2022

Path traversal in github.com/valyala/fasthttp
High: CVE-2022-21221 was published for github.com/valyala/fasthttp (Go), Mar 18, 2022

Code Injection in CRI-O
High: CVE-2022-0811 was published for github.com/cri-o/cri-o (Go), Mar 15, 2022

Gogs vulnerable to improper PAM authorization handling
High: CVE-2022-0871 was published for gogs.io/gogs (Go), Mar 14, 2022

Duplicate Advisory: Improper Authorization in Gogs
High: GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go), Mar 12, 2022 • withdrawn

Gitea Missing Authorization vulnerability
High: CVE-2022-0905 was published for code.gitea.io/gitea (Go), Mar 11, 2022

Arbitrary file write in nats-server
High: CVE-2022-26652 was published for github.com/nats-io/nats-server/v2 (Go), Mar 10, 2022

Code injection in Stripe CLI on windows
High: CVE-2022-24753 was published for github.com/stripe/stripe-cli (Go), Mar 10, 2022

Account compromise in Evmos
High: CVE-2022-24738 was published for github.com/tharsis/evmos (Go), Mar 7, 2022

Denial of Service in Go-Ethereum
High: CVE-2022-23328 was published for github.com/ethereum/go-ethereum (Go), Mar 5, 2022

Denial of Service in Go-Ethereum
High: CVE-2022-23327 was published for github.com/ethereum/go-ethereum (Go), Mar 5, 2022

Path traversal in claircore
High: CVE-2021-3762 was published for github.com/quay/claircore (Go), Mar 4, 2022

containerd CRI plugin: Insecure handling of image volumes
High: CVE-2022-23648 was published for github.com/containerd/containerd (Go), Mar 2, 2022

HashiCorp Nomad vulnerable to Allocation of Resources Without Limits or Throttling
High: CVE-2022-24685 was published for github.com/hashicorp/nomad (Go), Mar 1, 2022

Improper Authentication in Capsule Proxy
High: CVE-2022-23652 was published for github.com/clastix/capsule-proxy (Go), Feb 23, 2022

Unauthenticated control plane denial of service attack in Istio
High: CVE-2022-23635 was published for istio.io/istio (Go), Feb 23, 2022

Use of Hard-coded Cryptographic Key in Netmaker
High: CVE-2022-23650 was published for github.com/gravitl/netmaker (Go), Feb 22, 2022

Incorrect Authorization in runc
High: CVE-2019-16884 was published for github.com/opencontainers/runc (Go), Feb 22, 2022

Use of Hard-coded Cryptographic Key in Netmaker
High: CVE-2022-0664 was published for github.com/gravitl/netmaker (Go), Feb 19, 2022