GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

198 advisories

Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code Critical
CVE-2022-39222 was published for github.com/dexidp/dex (Go) Oct 3, 2022
Credited to joernchen, bobcallaway, and Hayden-IO
Mattermost users could access some sensitive information via API call Moderate
CVE-2022-2401 was published for github.com/mattermost/mattermost-server/v6 (Go) Jul 15, 2022
Weave GitOps leaked cluster credentials into logs on connection errors Critical
CVE-2022-31098 was published for github.com/weaveworks/weave-gitops (Go) Jun 23, 2022
Credited to stefanprodan
Configuration API in EdgeXFoundry 2.1.0 and earlier exposes message bus credentials to local unauthenticated users Moderate
CVE-2022-31066 was published for github.com/edgexfoundry/app-functions-sdk-go/v2 (Go) Jun 17, 2022
Credited to bnevis-i
Calico vulnerable to pod route hijacking Moderate
CVE-2022-28224 was published for github.com/projectcalico/calico (Go) Jun 7, 2022
Credited to joshbressers
Ignition config accessible to unprivileged software on VMware Moderate
CVE-2022-1706 was published for github.com/coreos/ignition (Go) May 25, 2022
Credited to jonaz, bgilbert, and jess-lowe
Argo CD will blindly trust JWT claims if anonymous access is enabled Critical
CVE-2022-29165 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
Mattermost Server exposes team invite IDs through API endpoints Moderate
CVE-2017-18902 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes private team invite ID Moderate
CVE-2017-18901 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes sensitive user status information via REST API version 4 endpoint Moderate
CVE-2017-18895 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes team creator's e-mail address to other members Moderate
CVE-2017-18887 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes account details to any Team Administrator Moderate
CVE-2016-11080 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes information stored by a web browser Moderate
CVE-2016-11081 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server: initial_load API exposes unnecessary information High
CVE-2016-11066 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes sensitive information via its System Console UI Moderate
CVE-2016-11078 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Mattermost Server exposes sensitive information about team URLs via an API Moderate
CVE-2016-11075 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
Grafana world readable configuration files High
CVE-2020-12459 was published for github.com/grafana/grafana (Go) May 24, 2022
Argo Exposure of Sensitive Information Moderate
CVE-2018-21034 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
kube-state-metrics may expose secret content in metrics Moderate
CVE-2019-10223 was published for k8s.io/kube-state-metrics (Go) May 24, 2022
Duplicate advisory: Configuration exposure in github.com/coreos/ignition Moderate
GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go) May 18, 2022 withdrawn
Docker Moby /proc/scsi Path Exposure Allows Host Data Loss (SCSI MICDROP) Moderate
CVE-2017-16539 was published for github.com/moby/moby (Go) May 17, 2022
Caddy allows enumeration of Certificates and Hostnames Low
CVE-2018-19148 was published for github.com/caddyserver/caddy (Go) May 14, 2022
Singularity Incorrect Access Control Moderate
CVE-2018-12021 was published for github.com/hpcng/singularity (Go) May 14, 2022
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
Credited to dasMulli
Exposure of SSH credentials in Rancher/Fleet Low
GHSA-wm2r-rp98-8pmh was published for github.com/rancher/rancher (Go) Apr 27, 2022