GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
141 advisories
Filter by severity
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client`
Low
GHSA-prqf-xr2j-xf65
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Aug 23, 2021
Plugin archive directory traversal in Helm
Low
CVE-2020-4053
was published
for
helm.sh/helm/v3
(Go)
Jun 23, 2021
Denial of service in Tendermint
Low
CVE-2020-5303
was published
for
github.com/tendermint/tendermint
(Go)
May 27, 2021
Subdomain checking of whitelisted domains could allow unintended redirects in oauth2-proxy
Low
CVE-2021-21291
was published
for
github.com/oauth2-proxy/oauth2-proxy
(Go)
May 25, 2021
accounts: Hash account number using Salt
Low
GHSA-g636-q5fc-4pr7
was published
for
github.com/moov-io/customers
(Go)
May 24, 2021
plugin.yaml file allows for duplicate entries in helm
Low
CVE-2020-15187
was published
for
helm.sh/helm
(Go)
May 24, 2021
Improper Sanitizing of plugin names in helm
Low
CVE-2020-15186
was published
for
helm.sh/helm
(Go)
May 24, 2021
Repository index file allows for duplicates of the same chart entry in helm
Low
CVE-2020-15185
was published
for
helm.sh/helm
(Go)
May 24, 2021
Aliases are never checked in helm
Low
CVE-2020-15184
was published
for
helm.sh/helm
(Go)
May 24, 2021
RandomAlphaNumeric and CryptoRandomAlphaNumeric are not as random as they should be
Low
GHSA-xg2h-wx96-xgxr
was published
for
github.com/Masterminds/goutils
(Go)
May 21, 2021
A failed upgrade may lead to hung goroutines
Low
GHSA-gmq2-39ff-f5qg
was published
for
github.com/cloudflare/tableflip
(Go)
May 21, 2021
Crash due to malformed relay protocol message
Low
CVE-2021-21404
was published
for
github.com/syncthing/syncthing
(Go)
May 21, 2021
Import loops in account imports, nats-server DoS
Low
GHSA-gwj5-3vfq-q992
was published
for
github.com/nats-io/nats-server/v2
(Go)
May 21, 2021
Network policy may be bypassed by some ICMP Echo Requests
Low
GHSA-c66w-hq56-4q97
was published
for
github.com/cilium/cilium
(Go)
May 21, 2021
Local directory executable lookup in sops (Windows-only)
Low
GHSA-x5c7-x7m2-rhmf
was published
for
go.mozilla.org/sops/v3
(Go)
May 20, 2021
Information Disclosure in go.elastic.co/apm
Low
CVE-2021-22133
was published
for
go.elastic.co/apm
(Go)
May 18, 2021
ProTip!
Advisories are also available from the
GraphQL API