GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
108 advisories
Filter by severity
Exposure of SSH credentials in Rancher/Fleet
Low
GHSA-wm2r-rp98-8pmh
was published
for
github.com/rancher/rancher
(Go)
Apr 27, 2022
Information Exposure in RunC
Moderate
CVE-2016-9962
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Insecure Permissions in Gogs
Critical
CVE-2019-14544
was published
for
gogs.io/gogs
(Go)
May 18, 2021
Exposure of server configuration in github.com/go-vela/server
High
CVE-2020-26294
was published
for
github.com/go-vela/compiler
(Go)
Feb 15, 2022
Lookup function information discolosure in helm
High
CVE-2020-11013
was published
for
helm.sh/helm/v3
(Go)
May 27, 2021
Ignition config accessible to unprivileged software on VMware
Moderate
CVE-2022-1706
was published
for
github.com/coreos/ignition
(Go)
May 25, 2022
Initial debug-host handler implementation could leak information and facilitate denial of service
Moderate
GHSA-x477-fq37-q5wr
was published
for
fortio.org/proxy
(Go)
Jan 27, 2023
Argo CD will blindly trust JWT claims if anonymous access is enabled
Critical
CVE-2022-29165
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Improper Certificate Handling
Moderate
CVE-2020-9321
was published
for
github.com/traefik/traefik
(Go)
Sep 2, 2021
Duplicate advisory: Configuration exposure in github.com/coreos/ignition
Moderate
GHSA-mjqc-5c9x-xfcc
was published
for
github.com/coreos/ignition/v2
(Go)
May 18, 2022
•
withdrawn
Tailscale daemon is vulnerable to information disclosure via CSRF
Low
CVE-2022-41925
was published
for
tailscale.com/cmd
(Go)
Nov 21, 2022
Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users
Moderate
CVE-2022-31066
was published
for
github.com/edgexfoundry/app-functions-sdk-go/v2
(Go)
Jun 17, 2022
Weave GitOps leaked cluster credentials into logs on connection errors
Critical
CVE-2022-31098
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jun 23, 2022
Mattermost users could access some sensitive information via API call
Moderate
CVE-2022-2401
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Jul 15, 2022
Traefik may display authorization header in the debug logs
Low
CVE-2022-23469
was published
for
github.com/traefik/traefik/v2
(Go)
Dec 8, 2022
Exposure of repository credentials to external third-party sources in Rancher
High
CVE-2021-36778
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
Instance config inline secret exposure in Grafana
Moderate
CVE-2021-41090
was published
for
github.com/grafana/agent
(Go)
Dec 8, 2021
Improper Privilege Management in Mattermost
Moderate
CVE-2022-1332
was published
for
github.com/mattermost/mattermost-server/v5
(Go)
Apr 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Moderate
CVE-2021-4024
was published
for
github.com/containers/podman/v3
(Go)
Jan 6, 2022
Information Exposure in Kubernetes
Moderate
CVE-2015-7528
was published
for
github.com/kubernetes/kubernetes
(Go)
Apr 12, 2022
Helm vulnerable to information disclosure via getHostByName Function
Moderate
CVE-2023-25165
was published
for
helm.sh/helm/v3
(Go)
Feb 8, 2023
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set
Moderate
CVE-2023-24827
was published
for
github.com/anchore/syft
(Go)
Feb 8, 2023
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects
High
CVE-2022-43757
was published
for
github.com/rancher/rancher
(Go)
Jan 25, 2023
User data in TPM attestation vulnerable to MITM
High
GHSA-r2h5-3hgw-8j34
was published
for
github.com/edgelesssys/constellation/v2
(Go)
Feb 17, 2023
kube-state-metrics may expose secret content in metrics
Moderate
CVE-2019-10223
was published
for
k8s.io/kube-state-metrics
(Go)
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API