GitHub Advisory Database
Security vulnerability database covering CVEs and GitHub-originated security advisories from the world of open source software.
GitHub reviewed advisories, by ecosystem:
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 2,000
Maven: 5,000+
npm: 3,711
NuGet: 661
pip: 3,383
Pub: 11
RubyGems: 885
Rust: 849
Swift: 36
Unreviewed advisories (all ecosystems): 5,000+
25 advisories are listed below; every one is a Go-ecosystem advisory rated High severity.
Each entry reads: identifier (severity): title. Published for package (ecosystem) on date.
CVE-2020-13223 (High): Information Disclosure in HashiCorp Vault. Published for github.com/hashicorp/vault (Go) on May 18, 2021.
CVE-2020-11013 (High): Lookup function information disclosure in helm. Published for helm.sh/helm/v3 (Go) on May 27, 2021.
CVE-2022-24348 (High): Path traversal and dereference of symlinks in Argo CD. Published for github.com/argoproj/argo-cd (Go) on Feb 7, 2022.
CVE-2020-26294 (High): Exposure of server configuration in github.com/go-vela/server. Published for github.com/go-vela/compiler (Go) on Feb 15, 2022.
CVE-2022-23648 (High): containerd CRI plugin: Insecure handling of image volumes. Published for github.com/containerd/containerd (Go) on Mar 2, 2022.
CVE-2021-36778 (High): Exposure of repository credentials to external third-party sources in Rancher. Published for github.com/rancher/rancher (Go) on May 2, 2022.
CVE-2020-12459 (High): Grafana world readable configuration files. Published for github.com/grafana/grafana (Go) on May 24, 2022.
CVE-2022-23509 (High): Gitops Run insecure communication. Published for github.com/weaveworks/weave-gitops (Go) on Jan 9, 2023.
CVE-2022-43757 (High): Plaintext storage of sensitive data in Rancher API and cluster.management.cattle.io objects. Published for github.com/rancher/rancher (Go) on Jan 25, 2023.
GHSA-r2h5-3hgw-8j34 (High): User data in TPM attestation vulnerable to MITM. Published for github.com/edgelesssys/constellation/v2 (Go) on Feb 17, 2023.
CVE-2023-34236 (High): Weave GitOps Terraform Controller Information Disclosure Vulnerability. Published for github.com/weaveworks/tf-controller (Go) on Jul 14, 2023.
CVE-2023-40023 (High): Yaklang Plugin's Fuzztag Component Allows Unauthorized Local File Reading. Published for github.com/yaklang/yaklang (Go) on Aug 15, 2023.
CVE-2023-47630 (High): Attacker can cause Kyverno user to unintentionally consume insecure image. Published for github.com/kyverno/kyverno (Go) on Nov 14, 2023.
CVE-2023-49292 (High): github.com/ecies/go vulnerable to possible private key restoration. Published for github.com/ecies/go/v2 (Go) on Dec 5, 2023.
CVE-2024-24765 (High): CasaOS-UserService allows unauthorized access to any file. Published for github.com/IceWhaleTech/CasaOS-UserService (Go) on Mar 6, 2024.
CVE-2024-28236 (High): Insecure Variable Substitution in Vela. Published for github.com/go-vela/worker (Go) on Mar 14, 2024.
CVE-2024-1139 (High): Cluster Monitoring Operator contains a credentials leak. Published for github.com/openshift/cluster-monitoring-operator (Go) on Apr 25, 2024.
CVE-2022-39307 (High): Grafana User enumeration via forget password. Published for github.com/grafana/grafana (Go) on May 14, 2024.
CVE-2022-39201 (High): Grafana Data source and plugin proxy endpoints could leak the authentication cookie to some destination plugins. Published for github.com/grafana/grafana (Go) on May 14, 2024.
CVE-2024-37307 (High): Cilium leaks sensitive information in cilium-bugtool. Published for github.com/cilium/cilium (Go) on Jun 13, 2024.
CVE-2024-22032 (High): Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec. Published for github.com/rancher/rancher (Go) on Jun 17, 2024.
CVE-2024-45388 (High): Hoverfly allows an arbitrary file read in the `/api/v2/simulation` endpoint (`GHSL-2023-274`). Published for github.com/spectolabs/hoverfly (Go) on Sep 3, 2024.
CVE-2024-45040 (High): gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property. Published for github.com/consensys/gnark (Go) on Sep 6, 2024.
CVE-2024-47060 (High): ZITADEL Allows Unauthorized Access After Organization or Project Deactivation. Published for github.com/zitadel/zitadel/v2 (Go) on Sep 19, 2024.
CVE-2024-52280 (High): github.com/rancher/steve's users can issue watch commands for arbitrary resources. Published for github.com/rancher/steve (Go) on Nov 20, 2024.
Advisories are also available from the GraphQL API.
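A practitioner who wants this listing as data rather than as a web page can pull it over the GraphQL API mentioned above. The Go program below is an added example, not GitHub's code: it builds the securityVulnerabilities query for ecosystem GO and severity HIGH, parses one response page into the identifier / package / date rows shown in the listing, and prefers the CVE identifier over the GHSA identifier the way the listing does. The schema field names are as the example's author knows the public schema and are an assumption of this example; the sample response is constructed (not captured from the API) from two entries in the listing, with a placeholder ghsaId for the Vault entry because the listing shows only its CVE.

```go
// Added example, not GitHub's code: build the GraphQL request for the Go / High slice of
// the Advisory Database and flatten a response into the rows the listing page shows.
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"time"
)

// One page (100 rows) of the securityVulnerabilities connection. The field names are
// as the example's author knows the public schema and are an assumption of this example.
const query = `query($eco: SecurityAdvisoryEcosystem!, $sev: [SecurityAdvisorySeverity!], $after: String) {
  securityVulnerabilities(ecosystem: $eco, severities: $sev, first: 100, after: $after) {
    pageInfo { hasNextPage endCursor }
    nodes { package { name ecosystem } advisory { ghsaId summary severity publishedAt identifiers { type value } } }
  }
}`

// Response shapes; encoding/json matches the camelCase keys case-insensitively.
type node struct {
	Package  struct{ Name, Ecosystem string }
	Advisory struct {
		GhsaID, Summary, Severity string
		PublishedAt               time.Time
		Identifiers               []struct{ Type, Value string }
	}
}
type page struct {
	Data struct {
		SV struct{ PageInfo struct{ HasNextPage bool; EndCursor string }; Nodes []node } `json:"securityVulnerabilities"`
	}
	Errors []struct{ Message string } // GraphQL reports failures inside an HTTP 200
}
type Advisory struct{ ID, Severity, Package, Published, Summary string } // one listing row

// displayID mirrors the page: the CVE id when one is assigned, else the GHSA id.
func displayID(n node) string {
	for _, id := range n.Advisory.Identifiers {
		if id.Type == "CVE" {
			return id.Value
		}
	}
	return n.Advisory.GhsaID
}

// requestBody builds the JSON POST body; pass the previous page's endCursor as after.
func requestBody(ecosystem, severity, after string) ([]byte, error) {
	vars := map[string]interface{}{"eco": ecosystem, "sev": []string{severity}}
	if after != "" {
		vars["after"] = after
	}
	return json.Marshal(map[string]interface{}{"query": query, "variables": vars})
}

// parsePage flattens one response page and returns the cursor for the next one.
func parsePage(body []byte) ([]Advisory, string, bool, error) {
	var p page
	if err := json.Unmarshal(body, &p); err != nil {
		return nil, "", false, err
	}
	if len(p.Errors) > 0 {
		return nil, "", false, fmt.Errorf("graphql: %s", p.Errors[0].Message)
	}
	var rows []Advisory
	for _, n := range p.Data.SV.Nodes {
		a := n.Advisory
		rows = append(rows, Advisory{displayID(n), a.Severity, n.Package.Name, a.PublishedAt.Format("2006-01-02"), a.Summary})
	}
	return rows, p.Data.SV.PageInfo.EndCursor, p.Data.SV.PageInfo.HasNextPage, nil
}

// samplePage is constructed for offline use (not captured from the API) from two entries in
// the listing above; the page shows only a CVE for the Vault entry, so its ghsaId is a placeholder.
const samplePage = `{"data":{"securityVulnerabilities":{"pageInfo":{"hasNextPage":false,"endCursor":"c2FtcGxl"},"nodes":[
{"package":{"name":"github.com/edgelesssys/constellation/v2","ecosystem":"GO"},"advisory":{"ghsaId":"GHSA-r2h5-3hgw-8j34","summary":"User data in TPM attestation vulnerable to MITM","severity":"HIGH","publishedAt":"2023-02-17T00:00:00Z","identifiers":[{"type":"GHSA","value":"GHSA-r2h5-3hgw-8j34"}]}},
{"package":{"name":"github.com/hashicorp/vault","ecosystem":"GO"},"advisory":{"ghsaId":"GHSA-placeholder","summary":"Information Disclosure in HashiCorp Vault","severity":"HIGH","publishedAt":"2021-05-18T00:00:00Z","identifiers":[{"type":"GHSA","value":"GHSA-placeholder"},{"type":"CVE","value":"CVE-2020-13223"}]}}]}}}`

// A saved API response piped on stdin is parsed; otherwise the constructed sample page is used.
func main() {
	raw := []byte(samplePage)
	if fi, _ := os.Stdin.Stat(); fi != nil && fi.Mode()&os.ModeCharDevice == 0 {
		raw, _ = io.ReadAll(os.Stdin)
	}
	rows, cursor, more, err := parsePage(raw)
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(1)
	}
	for _, r := range rows {
		fmt.Printf("%-20s %-5s %-45s %s  %s\n", r.ID, r.Severity, r.Package, r.Published, r.Summary)
	}
	if more {
		fmt.Fprintf(os.Stderr, "more pages: repeat the request with after=%s\n", cursor)
	}
}
```

To run it against live data, POST the output of requestBody("GO", "HIGH", "") to https://api.github.com/graphql with an Authorization: bearer token header, save the response, and pipe it on stdin; when the program reports more pages, repeat the request with the printed cursor as after, since the Go ecosystem alone holds far more than one page of advisories. GraphQL returns failures such as bad credentials inside an HTTP 200 response, which is why parsePage checks the errors array before trusting data.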