GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

198 advisories

Attacker can cause Kyverno user to unintentionally consume insecure image High
CVE-2023-47630 was published for github.com/kyverno/kyverno (Go) Nov 14, 2023
Credited to AdamKorcz
capsule-proxy service discloses Namespaces of colliding tenants to owners of different tenants with the same ServiceAccount name Moderate
CVE-2023-46254 was published for github.com/projectcapsule/capsule (Go) Nov 7, 2023
Credited to mtheeren-asml and prometherion
Mattermost password hash disclosure vulnerability Moderate
CVE-2023-5968 was published for github.com/mattermost/mattermost-server (Go) Nov 6, 2023
Credited to MarkLee131
Cros secrets may be disclosed to untrusted relay Moderate
CVE-2023-43617 was published for github.com/schollz/croc/v9 (Go) Sep 20, 2023
Credited to schollz
Argo CD cluster secret might leak in cluster details page Critical
CVE-2023-40029 was published for github.com/argoproj/argo-cd/v2 (Go) Sep 11, 2023
Credited to alexmt
tss-lib leaks secret keys in response to incorrectly constructed Paillier moduli Critical
GHSA-h24c-6p6p-m3vx was published for github.com/bnb-chain/tss-lib (Go) Sep 1, 2023
Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading High
CVE-2023-40023 was published for github.com/yaklang/yaklang (Go) Aug 15, 2023
Credited to Phelaine
Mattermost fails to sanitize post metadata Moderate
CVE-2023-4108 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
KubePi may leak password hash of any user Moderate
CVE-2023-37916 was published for github.com/KubeOperator/kubepi (Go) Jul 21, 2023
Credited to ch1nhpd
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
Credited to greenu
Cilium vulnerable to information leakage via incorrect ReferenceGrant handling Low
CVE-2023-34242 was published for github.com/cilium/cilium (Go) Jun 16, 2023
Credited to meyskens and bayandin
Minio console object names with RIGHT-TO-LEFT OVERRIDE unicode character can be exploited Moderate
CVE-2023-33955 was published for github.com/minio/console (Go) May 26, 2023
Credited to kr0x02
etcd Key name can be accessed via LeaseTimeToLive API Low
CVE-2023-32082 was published for github.com/etcd-io/etcd (Go) May 12, 2023
Ironic and ironic-inspector may expose as ConfigMaps Moderate
CVE-2023-30841 was published for github.com/metal3-io/baremetal-operator (Go) Apr 26, 2023
Buildkit credentials inlined to Git URLs could end up in provenance attestation Moderate
CVE-2023-26054 was published for github.com/moby/buildkit (Go) Mar 7, 2023
Credited to oatovar
User data in TPM attestation vulnerable to MITM High
GHSA-r2h5-3hgw-8j34 was published for github.com/edgelesssys/constellation/v2 (Go) Feb 17, 2023
Helm vulnerable to information disclosure via getHostByName Function Moderate
CVE-2023-25165 was published for helm.sh/helm/v3 (Go) Feb 8, 2023
Credited to phil9909
Credential disclosure in syft when SYFT_ATTEST_PASSWORD environment variable set Moderate
CVE-2023-24827 was published for github.com/anchore/syft (Go) Feb 8, 2023
Credited to wagoodman
Initial debug-host handler implementation could leak information and facilitate denial of service Moderate
GHSA-x477-fq37-q5wr was published for fortio.org/proxy (Go) Jan 27, 2023
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects High
CVE-2022-43757 was published for github.com/rancher/rancher (Go) Jan 25, 2023
Gitops Run insecure communication High
CVE-2022-23509 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
Credited to pjbgf
usememos/memos may leak user information to an authenticated user Moderate
CVE-2022-4734 was published for github.com/usememos/memos (Go) Dec 27, 2022
Traefik may display authorization header in the debug logs Low
CVE-2022-23469 was published for github.com/traefik/traefik/v2 (Go) Dec 8, 2022
Tailscale daemon is vulnerable to information disclosure via CSRF Low
CVE-2022-41925 was published for tailscale.com/cmd (Go) Nov 21, 2022
Credited to emilytrau and JJJollyjim
Container build can leak any path on the host into the container Low
GHSA-vp35-85q5-9f25 was published for github.com/docker/docker (Go) Nov 11, 2022
Credited to leonwxqian, corhere, and neersighted