GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

57 advisories

Path traversal in github.com/ipfs/go-ipfs High
CVE-2020-26279 was published for github.com/ipfs/go-ipfs (Go) Jun 23, 2021
tintinweb
Path traversal in u-root High
CVE-2020-7665 was published for github.com/u-root/u-root (Go) May 18, 2021
rjoleary
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server High
CVE-2022-24730 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
alexmt jessesuen
Arbitrary file read in ginadmin High
CVE-2022-30428 was published for github.com/gphper/ginadmin (Go) May 26, 2022
Path traversal in ginadmin High
CVE-2022-30427 was published for github.com/gphper/ginadmin (Go) May 26, 2022
Path Traversal in Git HTTP endpoints in Gogs High
CVE-2022-1993 was published for gogs.io/gogs (Go) Jun 8, 2022
Sim4n6
Flux CLI Workload Injection High
CVE-2022-36035 was published for github.com/fluxcd/flux2 (Go) Sep 1, 2022
pjbgf
Path traversal and files overwrite with unsquashfs in singularity High
CVE-2020-15229 was published for github.com/sylabs/singularity (Go) May 24, 2021
cclerget
Casdoor arbitrary file deletion vulnerability via uploadFile function High
CVE-2022-44942 was published for github.com/casdoor/casdoor (Go) Dec 7, 2022
Arbitrary file write in nats-server High
CVE-2022-26652 was published for github.com/nats-io/nats-server/v2 (Go) Mar 10, 2022
act vulnerable to arbitrary file upload in artifact server High
CVE-2023-22726 was published for github.com/nektos/act (Go) Jan 20, 2023
Path traversal in claircore High
CVE-2021-3762 was published for github.com/quay/claircore (Go) Mar 4, 2022
Unsafe tar unpacking in HashiCorp go-slug High
CVE-2020-29529 was published for github.com/hashicorp/go-slug (Go) Feb 6, 2023
Path Traversal in gin-vue-admin High
CVE-2022-47762 was published for github.com/flipped-aurora/gin-vue-admin (Go) Feb 3, 2023
Zip slip directory exploit in github.com/deislabs/oras High
CVE-2021-21272 was published for github.com/deislabs/oras (Go) Feb 15, 2022
smowton
Hertz contains path traversal via normalizePath function High
CVE-2022-40082 was published for github.com/cloudwego/hertz (Go) Sep 29, 2022
Goa vulnerable to path traversal High
CVE-2019-25073 was published for github.com/goadesign/goa (Go) Dec 28, 2022
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs High
CVE-2021-30465 was published for github.com/opencontainers/runc (Go) May 25, 2021
champtar
Yapscan's report receiver server vulnerable to path traversal and log injection High
GHSA-9h6h-9g78-86f7 was published for github.com/fkie-cad/yapscan (Go) Dec 29, 2022
tdunlap607
Arbitrary file reads in HashiCorp Nomad High
CVE-2022-24683 was published for github.com/hashicorp/nomad (Go) Feb 18, 2022
tdunlap607
Path traversal in ServiceCenter High
CVE-2021-21501 was published for github.com/apache/servicecomb-service-center (Go) Sep 1, 2021
tdunlap607
Goutil vulnerable to path traversal when unzipping files High
CVE-2023-27475 was published for github.com/gookit/goutil (Go) Mar 7, 2023
cokeBeer
Kraken has arbitrary file read vulnerability via component testfs High
CVE-2022-47747 was published for github.com/uber/kraken (Go) Jan 20, 2023
Podman Path Traversal Vulnerability leads to arbitrary file read/write High
CVE-2019-10152 was published for github.com/containers/podman (Go) May 24, 2022
Insecure path traversal in Git Trigger Source can lead to arbitrary file read High
CVE-2022-25856 was published for github.com/argoproj/argo-events (Go) Jun 17, 2022
DavidKorczynski AdamKorcz