GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
935 advisories
Filter by severity
Permissions bypass in KubeVirt
Moderate
CVE-2020-1701
was published
for
kubevirt.io/kubevirt
(Go)
Jun 1, 2021
Access Restriction Bypass in kube-apiserver
Moderate
CVE-2021-25735
was published
for
k8s.io/kubernetes
(Go)
May 28, 2021
Weave Net clusters susceptible to MitM attacks via IPv6 rogue router advertisements
Moderate
CVE-2020-11091
was published
for
github.com/weaveworks/weave
(Go)
May 27, 2021
Authentication Bypass in hydra
Moderate
CVE-2020-5300
was published
for
github.com/ory/hydra
(Go)
May 27, 2021
opencontainers runc contains procfs race condition with a shared volume mount
Moderate
CVE-2019-19921
was published
for
github.com/opencontainers/runc
(Go)
May 27, 2021
In github.com/pion/webrtc, failed DTLS certificate verification doesn't stop data channel communication
Moderate
CVE-2021-28681
was published
for
github.com/pion/webrtc/v3
(Go)
May 25, 2021
Denial-of-Service within Docker container
Moderate
CVE-2020-26213
was published
for
ktbs.dev/teler
(Go)
May 24, 2021
containerd-shim API Exposed to Host Network Containers
Moderate
CVE-2020-15257
was published
for
github.com/containerd/containerd
(Go)
May 24, 2021
OAuth2 Redirect URL validity does not respect query parameters and character casing for loopback addresses
Moderate
CVE-2020-15233
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Redirect URL matching ignores character casing
Moderate
CVE-2020-15234
was published
for
github.com/ory/fosite
(Go)
May 24, 2021
Authenticated users can exploit an enumeration vulnerability in Harbor
Moderate
CVE-2020-13794
was published
for
github.com/goharbor/harbor
(Go)
May 24, 2021
github.com/russellhaering/goxmldsig vulnerable to Signature Validation Bypass
Moderate
CVE-2020-15216
was published
for
github.com/russellhaering/goxmldsig
(Go)
May 24, 2021
Import of incorrectly embargoed keys could cause early publication
Moderate
GHSA-3wxm-m9m4-cprj
was published
for
github.com/google/exposure-notifications-server
(Go)
May 21, 2021
JWT leak via Open Redirect in Programmatic access
Moderate
CVE-2021-29651
was published
for
github.com/pomerium/pomerium
(Go)
May 21, 2021
pomerium_signature is not verified in middleware in github.com/pomerium/pomerium
Moderate
CVE-2021-29652
was published
for
github.com/pomerium/pomerium
(Go)
May 21, 2021
BLS Signature "Malleability"
Moderate
CVE-2021-21405
was published
for
github.com/filecoin-project/lotus
(Go)
May 21, 2021
Possible XSS when using SSO with the CLI in github.com/argoproj/argo-cd/v2
Moderate
CVE-2021-23347
was published
for
github.com/argoproj/argo-cd/v2
(Go)
May 21, 2021
Helm OCI credentials leaked into Argo CD logs
Moderate
GHSA-6w87-g839-9wv7
was published
for
github.com/argoproj/argo-cd
(Go)
May 21, 2021
Path Traversal in Docker
Moderate
CVE-2014-9356
was published
for
github.com/docker/docker
(Go)
May 18, 2021
miekg/dns insecurely generates random numbers
Moderate
CVE-2019-19794
was published
for
github.com/miekg/dns
(Go)
May 18, 2021
gopkg.in/macaron.v1 Open Redirect vulnerability
Moderate
CVE-2020-12666
was published
for
gopkg.in/macaron.v1
(Go)
May 18, 2021
Podman Origin Validation Error
Moderate
CVE-2021-20199
was published
for
github.com/containers/podman/v3
(Go)
May 18, 2021
github.com/pires/go-proxyproto denial of service vulnerability
Moderate
CVE-2021-23351
was published
for
github.com/pires/go-proxyproto
(Go)
May 18, 2021
Cross-site scripting in bluemonday
Moderate
CVE-2021-29272
was published
for
github.com/microcosm-cc/bluemonday
(Go)
May 18, 2021
Insecure Permissions in Gogs
Moderate
CVE-2020-14958
was published
for
gogs.io/gogs
(Go)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API