GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
18 advisories
Filter by severity
Authenticated users can crash the CubeFS servers with maliciously crafted requests
High
CVE-2023-46738
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
CubeFS timing attack can leak user passwords
High
CVE-2023-46739
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Insecure random string generator used for sensitive data
High
CVE-2023-46740
was published
for
github.com/cubefs/cubefs
(Go)
Jan 3, 2024
Incorrect delegation lookups can make go-tuf download the wrong artifact
High
CVE-2024-47534
was published
for
github.com/theupdateframework/go-tuf/v2
(Go)
Oct 1, 2024
Minder's GitHub Webhook Handler vulnerable to DoS from un-validated requests
High
CVE-2024-34084
was published
for
github.com/stacklok/minder
(Go)
May 7, 2024
Attacker can cause Kyverno user to unintentionally consume insecure image
High
CVE-2023-47630
was published
for
github.com/kyverno/kyverno
(Go)
Nov 14, 2023
notation-go's verification bypass can cause users to verify the wrong artifact
High
CVE-2023-33959
was published
for
github.com/notaryproject/notation-go
(Go)
Jun 6, 2023
Rekor's compressed archives can result in OOM conditions
High
CVE-2023-30551
was published
for
github.com/sigstore/rekor
(Go)
May 3, 2023
Possible image tampering from missing image validation for Packages
High
CVE-2023-38495
was published
for
github.com/crossplane/crossplane
(Go)
Jul 28, 2023
avro vulnerable to denial of service via attacker-controlled parameter
High
CVE-2023-37475
was published
for
github.com/hamba/avro
(Go)
Jul 17, 2023
Insecure path traversal in Git Trigger Source can lead to arbitrary file read
High
CVE-2022-25856
was published
for
github.com/argoproj/argo-events
(Go)
Jun 17, 2022
Node DOS by way of memory exhaustion through ExecSync request in CRI-O
High
CVE-2022-1708
was published
for
github.com/cri-o/cri-o
(Go)
Jun 6, 2022
Insecure entropy in Argo CD's PKCE/Oauth2/OIDC params
High
CVE-2022-31034
was published
for
github.com/argoproj/argo-cd
(Go)
Jun 21, 2022
Unauthenticated control plane denial of service attack in Istio
High
CVE-2022-23635
was published
for
istio.io/istio
(Go)
Feb 23, 2022
notation-go has excessive memory allocation on verification
High
CVE-2023-25656
was published
for
github.com/notaryproject/notation-go
(Go)
Feb 22, 2023
Privilege escalation to cluster admin on multi-tenant environments
High
CVE-2021-41254
was published
for
github.com/fluxcd/kustomize-controller
(Go)
Nov 15, 2021
Argo CD certificate verification is skipped for connections to OIDC providers
High
CVE-2022-31105
was published
for
github.com/argoproj/argo-cd
(Go)
Jul 12, 2022
Uses of deprecated API can be used to cause DoS in user-facing endpoints
High
CVE-2022-31054
was published
for
github.com/argoproj/argo-events
(Go)
Jun 17, 2022
ProTip!
Advisories are also available from the
GraphQL API