Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

937 advisories

Loading
Authz Module Non-Determinism Moderate
CVE-2021-41135 was published for github.com/cosmos/cosmos-sdk (Go) Oct 21, 2021
robert-zaremba iramiller
Email relay in Apache Traffic Control Moderate
CVE-2021-42009 was published for github.com/apache/trafficcontrol (Go) Oct 13, 2021
Insufficiently restricted permissions on plugin directories Moderate
CVE-2021-41103 was published for github.com/containerd/containerd (Go) Oct 4, 2021
Cross-site Scripting in Gitea Moderate
CVE-2021-28378 was published for code.gitea.io/gitea (Go) Sep 27, 2021
Cross-site Scripting in Mattermost Moderate
CVE-2021-37860 was published for github.com/mattermost/mattermost-server/v5 (Go) Sep 23, 2021
andrewpollock
Improperly Implemented path matching for in-toto-golang Moderate
CVE-2021-41087 was published for github.com/in-toto/in-toto-golang (Go) Sep 22, 2021
pxp928
Confused Deputy in Kubernetes Moderate
CVE-2020-8561 was published for k8s.io/kubernetes (Go) Sep 21, 2021
Cross-site Scripting in Beego Moderate
CVE-2021-39391 was published for github.com/beego/beego/v2 (Go) Sep 15, 2021
HashiCorp Consul and Consul Enterprise 1.10.1 Txn.Apply endpoint allowed services to register proxies for other services, enabling access to service traffic. Moderate
CVE-2021-38698 was published for github.com/hashicorp/consul (Go) Sep 8, 2021
Incomplete List of Disallowed Inputs in Kubernetes Moderate
CVE-2021-25737 was published for k8s.io/kubernetes (Go) Sep 7, 2021
Path traversal in Grafana Loki Moderate
CVE-2021-36156 was published for github.com/grafana/loki (Go) Sep 2, 2021
simonswine
Improper Certificate Handling Moderate
CVE-2020-9321 was published for github.com/traefik/traefik (Go) Sep 2, 2021
avivdolev
Path traversal in Grafana Cortex Moderate
CVE-2021-36157 was published for github.com/cortexproject/cortex (Go) Sep 2, 2021
Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault Moderate
CVE-2021-38554 was published for github.com/hashicorp/vault (Go) Aug 30, 2021
Ethereum Contains Consensus Flaw During Block Processing Moderate
CVE-2021-39137 was published for github.com/ethereum/go-ethereum (Go) Aug 30, 2021
guidovranken
Argo Server TLS requests could be forged by attacker with network access Moderate
GHSA-6c73-2v8x-qpvm was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
Workflow re-write vulnerability using input parameter Moderate
CVE-2021-37914 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 9, 2021
Header dropping in traefik Moderate
CVE-2021-32813 was published for github.com/traefik/traefik (Go) Aug 5, 2021
Attack on Kubernetes via Misconfigured Argo Workflows Moderate
GHSA-rc7p-gmvh-xfx2 was published for github.com/argoproj/argo-workflows (Go) Aug 2, 2021
Beego has a file creation race condition Moderate
CVE-2019-16354 was published for github.com/astaxie/beego (Go) Aug 2, 2021
Incorrect Authorization in HashiCorp Consul Moderate
CVE-2020-7955 was published for github.com/hashicorp/consul (Go) Jul 28, 2021
Archive package allows chmod of file outside of unpack target directory Moderate
CVE-2021-32760 was published for github.com/containerd/containerd (Go) Jul 26, 2021
tdunlap607
Buildah processes using chroot isolation may leak environment values to intermediate processes Moderate
CVE-2021-3602 was published for github.com/containers/buildah (Go) Jul 19, 2021
bburky
Open Redirect in github.com/AndrewBurian/powermux Moderate
CVE-2021-32721 was published for github.com/AndrewBurian/powermux (Go) Jul 1, 2021
Cross-site scripting in Dutchcoders transfer.sh Moderate
CVE-2021-33496 was published for github.com/dutchcoders/transfer.sh (Go) Jun 29, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database