GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
68 advisories
Filter by severity
Information Exposure in RunC
Moderate
CVE-2016-9962
was published
for
github.com/opencontainers/runc
(Go)
Dec 20, 2021
Ignition config accessible to unprivileged software on VMware
Moderate
CVE-2022-1706
was published
for
github.com/coreos/ignition
(Go)
May 25, 2022
Initial debug-host handler implementation could leak information and facilitate denial of service
Moderate
GHSA-x477-fq37-q5wr
was published
for
fortio.org/proxy
(Go)
Jan 27, 2023
Improper Certificate Handling
Moderate
CVE-2020-9321
was published
for
github.com/traefik/traefik
(Go)
Sep 2, 2021
Duplicate advisory: Configuration exposure in github.com/coreos/ignition
Moderate
GHSA-mjqc-5c9x-xfcc
was published
for
github.com/coreos/ignition/v2
(Go)
May 18, 2022
•
withdrawn
Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users
Moderate
CVE-2022-31066
was published
for
github.com/edgexfoundry/app-functions-sdk-go/v2
(Go)
Jun 17, 2022
Mattermost users could access some sensitive information via API call
Moderate
CVE-2022-2401
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Jul 15, 2022
Instance config inline secret exposure in Grafana
Moderate
CVE-2021-41090
was published
for
github.com/grafana/agent
(Go)
Dec 8, 2021
Improper Privilege Management in Mattermost
Moderate
CVE-2022-1332
was published
for
github.com/mattermost/mattermost-server/v5
(Go)
Apr 14, 2022
Exposure of Sensitive Information to an Unauthorized Actor and Origin Validation Error in podman
Moderate
CVE-2021-4024
was published
for
github.com/containers/podman/v3
(Go)
Jan 6, 2022
Information Exposure in Kubernetes
Moderate
CVE-2015-7528
was published
for
github.com/kubernetes/kubernetes
(Go)
Apr 12, 2022
Helm vulnerable to information disclosure via getHostByName Function
Moderate
CVE-2023-25165
was published
for
helm.sh/helm/v3
(Go)
Feb 8, 2023
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set
Moderate
CVE-2023-24827
was published
for
github.com/anchore/syft
(Go)
Feb 8, 2023
kube-state-metrics may expose secret content in metrics
Moderate
CVE-2019-10223
was published
for
k8s.io/kube-state-metrics
(Go)
May 24, 2022
usememos/memos may leak user information to an authenticated user
Moderate
CVE-2022-4734
was published
for
github.com/usememos/memos
(Go)
Dec 27, 2022
Buildah processes using chroot isolation may leak environment values to intermediate processes
Moderate
CVE-2021-3602
was published
for
github.com/containers/buildah
(Go)
Jul 19, 2021
Information Exposure in jaeger
Moderate
CVE-2020-10750
was published
for
github.com/jaegertracing/jaeger
(Go)
May 18, 2021
Podman Origin Validation Error
Moderate
CVE-2021-20199
was published
for
github.com/containers/podman/v3
(Go)
May 18, 2021
Buildkit credentials inlined to Git URLs could end up in provenance attestation
Moderate
CVE-2023-26054
was published
for
github.com/moby/buildkit
(Go)
Mar 7, 2023
Gitea Exposes Private Email Addresses
Moderate
CVE-2018-1000803
was published
for
github.com/go-gitea/gitea
(Go)
Feb 15, 2022
JWT leak via Open Redirect in Programmatic access
Moderate
CVE-2021-29651
was published
for
github.com/pomerium/pomerium
(Go)
May 21, 2021
Argo Exposure of Sensitive Information
Moderate
CVE-2018-21034
was published
for
github.com/argoproj/argo-cd
(Go)
May 24, 2022
Singularity Incorrect Access Control
Moderate
CVE-2018-12021
was published
for
github.com/hpcng/singularity
(Go)
May 14, 2022
Ironic and ironic-inspector may expose as ConfigMaps
Moderate
CVE-2023-30841
was published
for
github.com/metal3-io/baremetal-operator
(Go)
Apr 26, 2023
capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name
Moderate
CVE-2023-46254
was published
for
github.com/projectcapsule/capsule
(Go)
Nov 7, 2023
ProTip!
Advisories are also available from the
GraphQL API