GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
31 advisories
Filter by severity
containerd CRI plugin: Host memory exhaustion through ExecSync
Moderate
CVE-2022-31030
was published
for
github.com/containerd/containerd
(Go)
Jun 6, 2022
Symlink following allows leaking out-of-bounds YAML files from Argo CD repo-server
Moderate
CVE-2022-31036
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
DoS through large manifest files in Argo CD
Moderate
CVE-2022-31016
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
CloudCore CSI Driver: Malicious response from KubeEdge can crash CSI Driver controller server
Moderate
CVE-2022-31077
was published
for
github.com/kubeedge/kubeedge
(Go)
Jun 25, 2022
CloudCore UDS Server: Malicious Message can crash CloudCore
Moderate
CVE-2022-31076
was published
for
github.com/kubeedge/kubeedge
(Go)
Jun 25, 2022
KubeEdge Edge ServiceBus module DoS
Moderate
CVE-2022-31073
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
KubeEdge Cloud AdmissionController component DoS
Moderate
CVE-2022-31074
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
KubeEdge DoS when signing the CSR from EdgeCore
Moderate
CVE-2022-31075
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
KubeEdge CloudCore Router memory exhaustion vulnerability
Moderate
CVE-2022-31078
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
KubeEdge Cloud Stream and Edge Stream DoS from large stream message
Moderate
CVE-2022-31079
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
DoS in KubeEdge's Websocket Client in package Viaduct
Moderate
CVE-2022-31080
was published
for
github.com/kubeedge/kubeedge
(Go)
Jul 11, 2022
Helm Vulnerable to denial of service through string value parsing
Moderate
CVE-2022-36055
was published
for
helm.sh/helm/v3
(Go)
Aug 30, 2022
Helm vulnerable to denial of service through string value parsing
Moderate
CVE-2022-23524
was published
for
helm.sh/helm/v3
(Go)
Dec 14, 2022
Helm vulnerable to denial of service through through repository index file
Moderate
CVE-2022-23525
was published
for
helm.sh/helm/v3
(Go)
Dec 14, 2022
Helm vulnerable to denial of service through schema file
Moderate
CVE-2022-23526
was published
for
helm.sh/helm/v3
(Go)
Dec 14, 2022
OCI image importer memory exhaustion in github.com/containerd/containerd
Moderate
CVE-2023-25153
was published
for
github.com/containerd/containerd
(Go)
Feb 16, 2023
Crossplane-runtime contains Improper Input Validation via Compositions
Moderate
CVE-2023-27484
was published
for
github.com/crossplane/crossplane
(Go)
Mar 10, 2023
fieldpath's Paved.SetValue allows growing arrays up to arbitrary sizes in crossplane-runtime
Moderate
CVE-2023-27483
was published
for
github.com/crossplane/crossplane-runtime
(Go)
Mar 13, 2023
vitess allows users to create keyspaces that can deny access to already existing keyspaces
Moderate
CVE-2023-29194
was published
for
vitess.io/vitess
(Go)
Apr 11, 2023
VTAdmin users that can create shards can deny access to other functions
Moderate
CVE-2023-29195
was published
for
vitess.io/vitess
(Go)
May 11, 2023
Notation vulnerable to denial of service from high number of artifact signatures
Moderate
CVE-2023-33957
was published
for
github.com/notaryproject/notation
(Go)
Jun 6, 2023
Notation's default `maxSignatureAttempts` in `notation verify` enables an endless data attack
Moderate
CVE-2023-33958
was published
for
github.com/notaryproject/notation
(Go)
Jun 6, 2023
Knative Serving vulnerable to attacker-controlled pod causing denial of service of autoscaler
Moderate
CVE-2023-48713
was published
for
knative.dev/serving
(Go)
Nov 27, 2023
CubeFS leaks magic secret key when starting Blobstore access service
Moderate
CVE-2023-46741
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
CubeFS leaks users key in logs
Moderate
CVE-2023-46742
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
ProTip!
Advisories are also available from the
GraphQL API