GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
20 advisories
Filter by severity
Insecure permissions on build temporary rootfs in Singularity
High
CVE-2020-25040
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2021
Access Control Bypass
Moderate
CVE-2018-20321
was published
for
github.com/rancher/rancher
(Go)
Jun 23, 2021
Archive package allows chmod of file outside of unpack target directory
Moderate
CVE-2021-32760
was published
for
github.com/containerd/containerd
(Go)
Jul 26, 2021
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
Insecure permissions on user namespace / fakeroot temporary rootfs in Singularity
High
CVE-2020-25039
was published
for
github.com/sylabs/singularity
(Go)
Dec 20, 2021
Improper Control of a Resource Through its Lifetime in Mattermost
Moderate
CVE-2022-1385
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Apr 20, 2022
Rancher Privilege Escalation Vulnerability
High
CVE-2019-12274
was published
for
github.com/rancher/rancher
(Go)
May 24, 2022
Cronos vulnerable to DoS through unintended Contract Selfdestruct
High
GHSA-gwj5-wp6r-5q9f
was published
for
github.com/crypto-org-chain/cronos
(Go)
Aug 11, 2022
Ethermint vulnerable to DoS through unintended Contract Selfdestruct
High
CVE-2022-35936
was published
for
github.com/Kava-Labs/kava
(Go)
Aug 18, 2022
HashiCorp Nomad vulnerable to non-sensitive metadata exposure
Moderate
CVE-2022-3866
was published
for
github.com/hashicorp/nomad
(Go)
Nov 10, 2022
robbert229/jwt's token validation methods vulnerable to a timing side-channel during HMAC comparison
High
CVE-2015-10004
was published
for
github.com/robbert229/jwt
(Go)
Dec 28, 2022
Mattermost vulnerable to information disclosure
Moderate
CVE-2023-1775
was published
for
github.com/mattermost/mattermost-server
(Go)
Mar 31, 2023
Mattermost vulnerable to information disclosure
Moderate
CVE-2023-1777
was published
for
github.com/mattermost/mattermost-server
(Go)
Mar 31, 2023
Nomad Caller ACL Token’s Secret ID is Exposed to Sentinel
Low
CVE-2023-3299
was published
for
github.com/hashicorp/nomad
(Go)
Jul 20, 2023
Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
High
CVE-2023-28433
was published
for
github.com/minio/minio
(Go)
Sep 6, 2023
runc vulnerable to container breakout through process.cwd trickery and leaked fds
High
CVE-2024-21626
was published
for
github.com/opencontainers/runc
(Go)
Jan 31, 2024
containerd environment variable leak
Moderate
CVE-2021-21334
was published
for
github.com/containerd/containerd
(Go)
Jan 31, 2024
IPv6 enabled on IPv4-only network interfaces
Moderate
CVE-2024-32473
was published
for
github.com/docker/docker
(Go)
Apr 18, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Moderate
CVE-2024-35183
was published
for
github.com/wolfi-dev/wolfictl
(Go)
May 15, 2024
malicious container creates symlink "mtab" on the host External
High
CVE-2024-5154
was published
for
github.com/cri-o/cri-o
(Go)
Jun 4, 2024
ProTip!
Advisories are also available from the
GraphQL API