Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

25 advisories

Loading
Information Disclosure in HashiCorp Vault High
CVE-2020-13223 was published for github.com/hashicorp/vault (Go) May 18, 2021
Lookup function information discolosure in helm High
CVE-2020-11013 was published for helm.sh/helm/v3 (Go) May 27, 2021
Path traversal and dereference of symlinks in Argo CD High
CVE-2022-24348 was published for github.com/argoproj/argo-cd (Go) Feb 7, 2022
Exposure of server configuration in github.com/go-vela/server High
CVE-2020-26294 was published for github.com/go-vela/compiler (Go) Feb 15, 2022
matt-fevold wass3r
containerd CRI plugin: Insecure handling of image volumes High
CVE-2022-23648 was published for github.com/containerd/containerd (Go) Mar 2, 2022
felixwilhelm
Exposure of repository credentials to external third-party sources in Rancher High
CVE-2021-36778 was published for github.com/rancher/rancher (Go) May 2, 2022
dasMulli
Grafana world readable configuration files High
CVE-2020-12459 was published for github.com/grafana/grafana (Go) May 24, 2022
Gitops Run insecure communication High
CVE-2022-23509 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
pjbgf
Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects High
CVE-2022-43757 was published for github.com/rancher/rancher (Go) Jan 25, 2023
User data in TPM attestation vulnerable to MITM High
GHSA-r2h5-3hgw-8j34 was published for github.com/edgelesssys/constellation/v2 (Go) Feb 17, 2023
Weave GitOps Terraform Controller Information Disclosure Vulnerability High
CVE-2023-34236 was published for github.com/weaveworks/tf-controller (Go) Jul 14, 2023
greenu
Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading High
CVE-2023-40023 was published for github.com/yaklang/yaklang (Go) Aug 15, 2023
Phelaine
Attacker can cause Kyverno user to unintentionally consume insecure image High
CVE-2023-47630 was published for github.com/kyverno/kyverno (Go) Nov 14, 2023
AdamKorcz
github.com/ecies/go vulnerable to possible private key restoration High
CVE-2023-49292 was published for github.com/ecies/go/v2 (Go) Dec 5, 2023
Merricx savely-krasovsky
CasaOS-UserService allows unauthorized access to any file High
CVE-2024-24765 was published for github.com/IceWhaleTech/CasaOS-UserService (Go) Mar 6, 2024
Cp0204
Insecure Variable Substitution in Vela High
CVE-2024-28236 was published for github.com/go-vela/worker (Go) Mar 14, 2024
gdiepen
Cluster Monitoring Operator contains a credentials leak High
CVE-2024-1139 was published for github.com/openshift/cluster-monitoring-operator (Go) Apr 25, 2024
Grafana User enumeration via forget password High
CVE-2022-39307 was published for github.com/grafana/grafana (Go) May 14, 2024
Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins High
CVE-2022-39201 was published for github.com/grafana/grafana (Go) May 14, 2024
Cilium leaks sensitive information in cilium-bugtool High
CVE-2024-37307 was published for github.com/cilium/cilium (Go) Jun 13, 2024
sayboras
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec High
CVE-2024-22032 was published for github.com/rancher/rancher (Go) Jun 17, 2024
Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`) High
CVE-2024-45388 was published for github.com/spectolabs/hoverfly (Go) Sep 3, 2024
pwntester
gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property High
CVE-2024-45040 was published for github.com/consensys/gnark (Go) Sep 6, 2024
maltezellic
ZITADEL Allows Unauthorized Access After Organization or Project Deactivation High
CVE-2024-47060 was published for github.com/zitadel/zitadel/v2 (Go) Sep 19, 2024
prdp1137 livio-a
fforootd
github.com/rancher/steve's users can issue watch commands for arbitrary resources High
CVE-2024-52280 was published for github.com/rancher/steve (Go) Nov 20, 2024
ProTip! Advisories are also available from the GraphQL API