Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

739 advisories

Loading
Insecure permissions on build temporary rootfs in Singularity High
CVE-2020-25040 was published for github.com/sylabs/singularity (Go) May 24, 2021
dtrudg tri-adam
github.com/nats-io/nats-server Import token permissions checking not enforced High
GHSA-j756-f273-xhp4 was published for github.com/nats-io/nats-server/v2 (Go) May 21, 2021
Nil dereference in NATS JWT causing DoS of nats-server High
GHSA-hmm9-r2m2-qg9w was published for github.com/nats-io/jwt (Go) May 21, 2021
Incorrect handling of credential expiry by /nats-io/nats-server High
GHSA-2c64-vj8g-vwrq was published for github.com/nats-io/jwt (Go) May 21, 2021
Privilege escalation in rbac High
CVE-2021-22538 was published for github.com/google/exposure-notifications-verification-server (Go) May 21, 2021
Legacy Node API Allows Impersonation in github.com/spiffe/spire/pkg/server/endpoints/node High
CVE-2021-27098 was published for github.com/spiffe/spire (Go) May 21, 2021
c53robin
Insufficient Session Expiration in Kiali High
CVE-2020-1762 was published for github.com/kiali/kiali (Go) May 18, 2021
Path traversal in u-root High
CVE-2020-7665 was published for github.com/u-root/u-root (Go) May 18, 2021
rjoleary
Authorization bypass in github.com/dgrijalva/jwt-go High
CVE-2020-26160 was published for github.com/dgrijalva/jwt-go (Go) May 18, 2021
Integer overflow in github.com/gorilla/websocket High
CVE-2020-27813 was published for github.com/gorilla/websocket (Go) May 18, 2021
github.com/tidwall/gjson is vulnerable to Denial of service High
CVE-2020-36066 was published for github.com/tidwall/gjson (Go) May 18, 2021
github.com/unknwon/cae Path Traversal vulnerability High
CVE-2020-7668 was published for github.com/unknwon/cae (Go) May 18, 2021
Path Traversal in github.com/unknwon/cae/zip High
CVE-2020-7664 was published for github.com/unknwon/cae (Go) May 18, 2021
Go JOSE Signature Validation Bypass High
CVE-2016-9122 was published for gopkg.in/square/go-jose.v1 (Go) May 18, 2021
Go Ethereum Improper Input Validation High
CVE-2018-16733 was published for github.com/ethereum/go-ethereum (Go) May 18, 2021
miekg/dns parsing error leads to nil pointer dereference and DoS High
CVE-2018-17419 was published for github.com/miekg/dns (Go) May 18, 2021
Improper Authorization in github.com/containers/libpod High
CVE-2021-20188 was published for github.com/containers/libpod (Go) May 18, 2021
Path Traversal in Buildah High
CVE-2020-10696 was published for github.com/containers/buildah (Go) May 18, 2021
Predictable SIF UUID Identifiers in github.com/sylabs/sif High
CVE-2021-29499 was published for github.com/sylabs/sif (Go) May 18, 2021
Hard coded cryptographic key in Kiali High
CVE-2020-1764 was published for github.com/kiali/kiali (Go) May 18, 2021
github.com/u-root/u-root/pkg/tarutil Arbitrary File Write via Archive Extraction (Zip Slip) High
CVE-2020-7669 was published for github.com/u-root/u-root (Go) May 18, 2021
leungster
Cross-site Request Forgery (CSRF) in Cloud Native Computing Foundation Harbor High
CVE-2019-19025 was published for github.com/goharbor/harbor (Go) May 18, 2021
SQL Injection in Cloud Native Computing Foundation Harbor High
CVE-2019-19029 was published for github.com/goharbor/harbor (Go) May 18, 2021
Infinite Loop in jsonparser High
CVE-2020-10675 was published for github.com/buger/jsonparser (Go) May 18, 2021
Allocation of Resources Without Limits or Throttling in Hashicorp Consul High
CVE-2020-13250 was published for github.com/hashicorp/consul (Go) May 18, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database