GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,952 advisories
Authorization Policy Bypass Due to Case Insensitive Host Comparison
High | CVE-2021-39155 was published for istio.io/istio (Go) | Aug 30, 2021

Ethereum Contains Consensus Flaw During Block Processing
Moderate | CVE-2021-39137 was published for github.com/ethereum/go-ethereum (Go) | Aug 30, 2021

Potential privilege escalation on Kubernetes >= v1.19 when the Argo Server is run with `--auth-mode=client`
Low | GHSA-prqf-xr2j-xf65 was published for github.com/argoproj/argo-workflows/v3 (Go) | Aug 23, 2021

Argo Server TLS requests could be forged by attacker with network access
Moderate | GHSA-6c73-2v8x-qpvm was published for github.com/argoproj/argo-workflows/v3 (Go) | Aug 23, 2021

Workflow re-write vulnerability using input parameter
Moderate | CVE-2021-37914 was published for github.com/argoproj/argo-workflows/v3 (Go) | Aug 9, 2021

Header dropping in traefik
Moderate | CVE-2021-32813 was published for github.com/traefik/traefik (Go) | Aug 5, 2021

Attack on Kubernetes via Misconfigured Argo Workflows
Moderate | GHSA-rc7p-gmvh-xfx2 was published for github.com/argoproj/argo-workflows (Go) | Aug 2, 2021

Beego has a file creation race condition
Moderate | CVE-2019-16354 was published for github.com/astaxie/beego (Go) | Aug 2, 2021

Authentication Bypass by Spoofing and Insufficient Verification of Data Authenticity in Hashicorp Vault
High | CVE-2020-16250 was published for github.com/hashicorp/vault (Go) | Aug 2, 2021

Incorrect Authorization in HashiCorp Consul
Moderate | CVE-2020-7955 was published for github.com/hashicorp/consul (Go) | Jul 28, 2021

Improper Resource Shutdown or Release in HashiCorp Vault
High | CVE-2020-7220 was published for github.com/hashicorp/vault (Go) | Jul 28, 2021

github.com/pires/go-proxyproto vulnerable to DoS via Connection descriptor exhaustion
High | CVE-2021-23409 was published for github.com/pires/go-proxyproto (Go) | Jul 26, 2021

Improper Restriction of Excessive Authentication Attempts in Argo API
High | CVE-2020-8827 was published for github.com/argoproj/argo-cd (Go) | Jul 26, 2021

Argo CD Insecure default administrative password
High | CVE-2020-8828 was published for github.com/argoproj/argo-cd (Go) | Jul 26, 2021

Archive package allows chmod of file outside of unpack target directory
Moderate | CVE-2021-32760 was published for github.com/containerd/containerd (Go) | Jul 26, 2021

HashiCorp Consul L7 deny intention results in an allow action
High | CVE-2021-36213 was published for github.com/hashicorp/consul (Go) | Jul 19, 2021

Hashicorp Consul Missing SSL Certificate Validation
High | CVE-2021-32574 was published for github.com/hashicorp/consul (Go) | Jul 19, 2021

Buildah processes using chroot isolation may leak environment values to intermediate processes
Moderate | CVE-2021-3602 was published for github.com/containers/buildah (Go) | Jul 19, 2021

Open Redirect in github.com/AndrewBurian/powermux
Moderate | CVE-2021-32721 was published for github.com/AndrewBurian/powermux (Go) | Jul 1, 2021

Denial of Service in miekg-dns
High | CVE-2017-15133 was published for github.com/miekg/dns (Go) | Jun 29, 2021

Improper Authentication in Pion DTLS
Critical | CVE-2019-20786 was published for github.com/pion/dtls (Go) | Jun 29, 2021

Incorrect Default Permissions in Binance tss-lib
High | CVE-2020-12118 was published for github.com/binance-chain/tss-lib (Go) | Jun 29, 2021

Path Traversal in Dutchcoders transfer.sh
Critical | CVE-2021-33497 was published for github.com/dutchcoders/transfer.sh (Go) | Jun 29, 2021

Cross-site scripting in Dutchcoders transfer.sh
Moderate | CVE-2021-33496 was published for github.com/dutchcoders/transfer.sh (Go) | Jun 29, 2021

CRLF vulnerability in Fiber
Moderate | CVE-2020-15111 was published for github.com/gofiber/fiber (Go) | Jun 29, 2021
ProTip! Advisories are also available from the GraphQL API.